Ataegina: Walkthrough

We now have an interactive shell as ataegina.

```
cat /home/ataegina/user.txt
THMataegina_user_flag
```

4. Root Privilege Escalation

Check SUID binaries:

```
find / -perm -4000 2>/dev/null
```

Found: /usr/bin/doas (doas, OpenBSD’s sudo alternative, ported to Linux).

```
cat /tmp/root_flag
THMataegina_root_flag
```

| Step | Technique |
|------|------------|
| Recon | Nmap, dirbusting |
| Initial access | Tomcat manager default creds → WAR backdoor |
| User pivot | sudo zip command injection |
| Root | doas misconfiguration + systemctl abuse |

Key takeaway: Always check default credentials, cron jobs, sudo/doas rights, and unusual SUID binaries.
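
The doas part of that takeaway can be turned into a repeatable check. The script below is an added example, not part of the original walkthrough: it assumes the rule grammar from doas.conf(5), and the function names, sample rules and usernames are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the walkthrough). Reads doas.conf-style rules on
# stdin and prints one finding per rule that hands out root too broadly.
# Rule grammar, per doas.conf(5):
#   permit|deny [options] identity [as target] [cmd command [args ...]]
# On a host: audit_doas_conf < /etc/doas.conf
audit_doas_conf() {
    awk '
    /^[ \t]*(#|$)/ { next }            # comments and blank lines
    $1 != "permit" { next }            # deny rules grant nothing
    {
        nopass = 0; target = "root"; cmd = ""; args = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "{") {           # skip a setenv { ... } option list
                while (i <= NF && $i != "}") i++
            } else if ($i == "nopass") {
                nopass = 1
            } else if ($i == "as") {
                target = $(++i)
            } else if ($i == "cmd") {
                cmd = $(i + 1); args = ($(i + 2) == "args"); break
            }
        }
        # With no "as" clause the rule applies to every target, root included.
        if (target != "root") next
        # systemctl with no args list lets the caller manage any unit as root.
        if (cmd == "" && nopass)
            printf "line %d: HIGH any command as root, no password: %s\n", NR, $0
        else if (cmd == "")
            printf "line %d: REVIEW any command as root: %s\n", NR, $0
        else if (cmd ~ /(^|\/)systemctl$/ && !args)
            printf "line %d: HIGH systemctl as root, args not pinned: %s\n", NR, $0
    }'
}

# Constructed sample rules; not the configuration of the box in the walkthrough.
sample_doas_conf() {
    cat <<'EOF'
# constructed sample rules for this example
permit persist :wheel
permit nopass appuser as root cmd /usr/bin/systemctl
permit nopass backup as root cmd /usr/bin/systemctl args restart backup.service
permit nopass deploy as www-data cmd /usr/bin/git
deny appuser cmd /usr/bin/passwd
permit nopass keepenv ops
EOF
}

sample_doas_conf | audit_doas_conf
```

Rules that pin both the command and its arguments, or that target an unprivileged account, produce no finding.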