Seppuku Walkthrough

We run nmap -A -T4 -p- 192.168.1.14 -vv

A lot of ports are open 21,22,80,139,445,70807601,8080 But be aware the creator of this machine said to watch out of rabbit holes, and after a lot of falling into them i wrote the solution to this machine, to spare you the headache let’s get to the steps.

We run dirb http://192.168.1.14:7601

We interested in /keys and /secret

In the secret folder we can find private ssh key, but we have no user name yet, so let’s leave it for now, in the secret folder we have hostname and password.lst so now we use the user Seppuku in the hostname file with the password.lst using Hydra against ssh service hydra -l seppuku -P /root/password.lst ssh://192.168.1.14 -f -vV

We got a password “eeyoree” we can login with it to ssh:

There is a file .password and there is a password inside it

The password is 12345685213456!@!@A and there are two new users:

The password worked for the user samurai and the user can run sudo:

Now it’s time for the 3rd user “tanto” and we’re going to use the private key to access via ssh:

chmod 600 private

ssh -i private tanto@192.168.1.14

Now we got in and we are Tanto, let’s create the path /home/tanto/.cgi_bin/bin that we found with the user “samurai” so we can run it as sudo

Return to the user “samurai” and we run sudo /../../../../../../home/tanto/.cgi_bin/bin /tmp/*

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s