PwnTillDawn: Vega

Vega was an easy box residing at IP address 10.150.150.222. As usual we will start off with a rustscan:

We can see that we have a couple of different ports up, two are HTTP and one SSH. I decided to start my focus on port 80 and start with a feroxbuster scan to see if there was anything else:

.bash_history is very strange, lets check that out and see if we can find anything:

We can see that there is a flag and also a password, however, when you see the password you will soon realize the user misspelled it. When spelled correctly we can SSH in, if you cannot figure out the spelling do a quick google search and you will very quickly realize what the user did:

Above we can see that there is password reuse, we are able to login to the mcahine and see that sudo -l shows that the user can do anything with sudo, that means that we can get a quick win with a sudo su and grab the root flag, residing in the root folder and the other flag residing in vega’s home directory.

Thanks for reading.