Summary
Passage is a Linux, medium box is a created by ChefByzen, initial foothold required to find a CVE for CuteNews and using that to get a shell as www-data
. Enumerating the filesystem we find a Lines
files which contained some php serialized object. deseralizeing the object and checking we find some hash cracking that and trying to su we get access to paul
user checking the .ssh
directory we see that the id_rsa.pub
is the key of nadav
so possible key reuse, using which we can get nadav
. After getting nadav
we need to see .viminfo
for a hint, which contain something about USBCreator.conf
Looking for that we stumble upon a blog post explaining how to exploit it and get a root shell.