Bashed HTB Writeup

  • Visit /dev to get a web shell.
  • From the phpbash web shell, upload php-reverse-shell to the /uploads directory to get a reverse shell.
  • Replace the code in test.py with reverse-shell code to escalate privileges to root.

Part 1: Recon

1. We start with an Nmap scan to get information about the open ports.

Part 2: Enumeration

  1. Let’s begin our enumeration by visiting the webpage on port 80.

Part 3: Getting User Flag

Visiting the web shells we found in the /dev directory gives us a shell as Apache’s default user, www-data. Now let’s try to get the user flag.

Part 4: Getting Root Flag

Now let’s try for privilege escalation. Running the sudo -l command gives us some juicy information. Let’s take note of it for later use.
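From the defender's side, the escalation summarized at the top works only if test.py is both run by root and editable by a lower-privileged account. The following added example (not from the original writeup) audits a script and its parent directory for that condition; the function names and the sample file are constructed for illustration, and that test.py is executed as root is an assumption based on the summary.

```python
import os
import stat
import tempfile


def write_risks(uid, gid, mode, is_dir=False):
    """Return the reasons a path can be modified by an account other than root."""
    risks = []
    if uid != 0:
        risks.append("owner is not root")
    if mode & stat.S_IWGRP and gid != 0:
        risks.append("writable by a non-root group")
    # A sticky world-writable directory (like /tmp) does not let users
    # replace files they do not own, so it is not flagged here.
    if mode & stat.S_IWOTH and not (is_dir and mode & stat.S_ISVTX):
        risks.append("world-writable")
    return risks


def audit(script_path):
    """Check the script and its directory; a writable directory lets the
    file be swapped out even when the file itself is locked down."""
    findings = {}
    script_path = os.path.realpath(script_path)
    for target in (script_path, os.path.dirname(script_path)):
        st = os.stat(target)
        risks = write_risks(st.st_uid, st.st_gid, st.st_mode,
                            stat.S_ISDIR(st.st_mode))
        if risks:
            findings[target] = risks
    return findings


def demo():
    # Constructed sample: a throwaway test.py made world-writable.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "test.py")
        with open(path, "w") as f:
            f.write("print('placeholder')\n")
        os.chmod(path, 0o666)
        return audit(path).get(os.path.realpath(path), [])


if __name__ == "__main__":
    print(demo())
```

Any finding on a script that a root-owned process executes means the script should be re-owned to root and stripped of group and world write permission, along with its directory.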

Viren Saroha

Student | HTB/THM Player | Security Researcher