mirror of
https://github.com/AbdullahRizwan101/CTF-Writeups
synced 2024-11-28 22:50:19 +00:00
echoCTF - Cretin
We can find the first flag by printing the environment variables with env after connecting with nc.
Privilege Escalation (dribble)
Running sudo -l, we can see that this user can run the ed binary as the dribble user.
So looking at GTFOBINS
Privilege Escalation (scribble)
Again running sudo -l, we can see this user can now run the capsh binary as the scribble user.
Privilege Escalation (ETSCTF)
This is the last priv esc that we need to do: we can run whiptail as the ETSCTF user.
Running that, we get an "ambiguous redirect" error, so this isn't actually a binary but a script that runs the actual whiptail binary.
We just need to specify the name of the file to read, as the privesc is already included here.
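From the defender's side, each hop above is a sudo rule that lets one account run a GTFOBins-listed program as another account. The following audit sketch is an added example, not part of the original writeup; it parses `sudo -l` output and flags such rules, and the user name, host name and binary paths in the sample are constructed placeholders.

```python
import os
import re

# Binaries this writeup runs through sudo, with the capability GTFOBins lists.
# Extend the map from GTFOBins' sudo category for a real audit.
RISKY = {"ed": "shell escape", "capsh": "shell escape", "whiptail": "file read"}

# One rule line of `sudo -l`, e.g. "    (dribble) NOPASSWD: /bin/ed"
RULE = re.compile(r"^\s*\(([^)]+)\)\s*((?:[A-Z_]+:\s*)*)(.+)$")

def audit_sudo_listing(text):
    """Return (run_as, command, nopasswd, risk) for each risky rule."""
    findings = []
    for line in text.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # header and Defaults lines carry no "(runas)" prefix
        run_as = m.group(1).split(":")[0].strip()
        nopasswd = "NOPASSWD:" in m.group(2)
        for cmd in (c.strip() for c in m.group(3).split(",")):
            if not cmd:
                continue
            exe = cmd.split()[0]
            name = os.path.basename(exe)
            if exe == "ALL":
                findings.append((run_as, exe, nopasswd, "unrestricted"))
            elif name in RISKY:
                # Basename match also catches wrapper scripts named after the tool
                findings.append((run_as, exe, nopasswd, RISKY[name]))
    return findings

# Constructed sample combining the three hops into one listing; the user,
# host and paths are placeholders, not values taken from the target.
SAMPLE = """\
User player may run the following commands on host:
    (dribble) NOPASSWD: /bin/ed
    (scribble) NOPASSWD: /sbin/capsh
    (ETSCTF) NOPASSWD: /usr/local/bin/whiptail
    (root) /usr/bin/id
"""

if __name__ == "__main__":
    for finding in audit_sudo_listing(SAMPLE):
        print(finding)
```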