HackMyVM Kitty
Its a nightmare!
1. Find subdomain target.
2. exploit oracle padding attack on cookie to become admin and get logs
3. sqlmap 'logs' to get users and salt table to find gitea credentials
4. gitea holds a comment to find the fastAPI URL
5. find the number for some creds to get a token
6. Crack OAUTH token and forge a new one as admin with 'isadmin=1' .
7. find and send commands to get reverse shell
8. Explore to find 'user' name and sshkey
9. use 'user' and 'www-data' to escalate to 'power' with fastcgi socket
10. reverse engineer regex as power to get root
Comments
Post a Comment