UltraTech CTF Room of THM
Machine_IP : 10.10.141.124
- nmap scan here
- Found a server at ports `8081` and `31331`.
- Had a look into port `8081` and found `/auth` and `/ping`, but didn't know how to work on it.
- Had a look into the next port and found a login page and a js file where the functioning of `/ping` was mentioned.
- Since it was poorly serialized, used backticks to execute the commands.
- Established a reverse shell from the command execution part and had a look into the files.
- Found a database and found a bunch of hashes with usernames.
- Cracked those MD5 hashes to get the privileges of `r00t` using ssh.
- Downloaded LinEnum.sh to find that there was a docker container in it which could be used for privilege escalation to `root`.
- Used `docker run -v /:/mnt --rm -it bash chroot /mnt sh` to get the privileges to root.
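
The `/ping` step above worked because the request value reached a shell, which expands backticks. As an added example (not code from the room or its author), this is one way a handler could validate the value and run `ping` without a shell; a Node.js backend and all function names here are assumptions.

```javascript
// Added example: hypothetical server-side logic for a /ping-style endpoint.

// Unsafe pattern, shown for contrast: the request value becomes part of a
// shell command line, so /bin/sh expands backticks and other metacharacters
// before ping ever runs. Filtering a few characters does not fix this.
function unsafeCommandLine(value) {
  return 'ping -c 1 ' + value; // would be handed to child_process.exec()
}

// Hardened step 1: accept nothing but a literal dotted-quad IPv4 address.
function parseIPv4(value) {
  if (typeof value !== 'string') return null;
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(value);
  if (m === null) return null;
  const octets = m.slice(1);
  // Reject out-of-range octets and leading zeros (ambiguous octal forms).
  const ok = octets.every((o) => Number(o) <= 255 && String(Number(o)) === o);
  return ok ? value : null;
}

// Hardened step 2: build an argument vector instead of a command string.
function pingArgs(value) {
  const target = parseIPv4(value);
  return target === null ? null : ['-c', '1', target];
}

// Hardened step 3: run the binary directly. execFile() does not spawn a
// shell, so even a value that slipped through would be one inert argument.
function safePing(value, callback) {
  const args = pingArgs(value);
  if (args === null) {
    callback(new Error('invalid address'));
    return;
  }
  // Loaded here so the validation helpers above have no dependencies.
  const { execFile } = require('node:child_process');
  execFile('ping', args, { timeout: 5000 }, callback);
}

// Constructed sample inputs (not taken from the room).
const samples = ['127.0.0.1', '`id`', '127.0.0.1;id', '$(id)', '010.1.1.1', '256.1.1.1'];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', pingArgs(s) ? 'accepted' : 'rejected');
}
```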