Posts

Showing posts from November, 2020

The Server From Hell

Walkthrough for The Server from Hell

An nmap scan of the IP we have shows: 111 (rpcbind), 1137 (probably telnet/trim?), 2049 (nfs), 3333 (ssh).

We can further enumerate rpc and nfs. To find out which folder the server makes available to mount, we can ask it using:

    showmount -e IP

We can mount this folder using:

    sudo mount -t nfs IP:/home/nfs /tmp/1

It contains a backup.zip file, which we can copy. While unzipping it we see it is password protected (the room owner may have hidden the password in some other process, but I cracked it online). After cracking the zip we see flag.txt and id_rsa.

We can ssh into hades' shell using:

    ssh -i id_rsa hades@IP -p 3333

After sshing in we get some kind of shell (not bash or sh); after searching for irb we find it's a Ruby shell. We can run system commands with system("command-here"), and we can also spawn bash using:

    exec "/bin/bash"

and can see the user flag.

We can see we don't have write permissions, so we can't upload scripts to check fo...