The Server From Hell
Walkthrough for The Server from Hell nmap scan the IP we have - 111 (rpcbind), 1137 (probably telnet/trim?), 2049 (nfs), 3333(ssh) We can futher enumrate rpc and nfs - To know which folder has the server available to mount we an ask it using- showmount -e IP we can mount this folder using - sudo mount -t nfs IP:/home/nfs /tmp/1 It conatins a backup.zip file we can copy it, while unzipping it we see it is password protected, (the room owner may have hide the password in some other process, but i cracked it online ) After cracking the zip we see flag.txt and id_rsa we can ssh into hades' shell using - ssh -i id_rsa hades@IP -p 3333 after sshing we got some kind of shell (not bash or sh), after searching for irb we get it's a ruby shell we can run system commands by- system("command-here"), we can also spawn bash using - exec "/bin/bash" and can see the user flag - We can see we don't have write permissions, so we can't upload scripts to check fo...