Post

HTB Linux Easy: Shocker

Shocker is an Easy rated Linux machine on HTB.

Posted
By Gregory Allegoet
1 min read
HTB Linux Easy: Shocker

Nmap

Pasted image 20240715103728.png

Initial Foothold

HTTP

Use dirb for directory busting to find the cgi-bin endpoint. Pasted image 20240715103712.png

Enumerating the cgi-bin directory using ffuf, no scripts were found with the .cgi extension, however the .sh extension returned a result: user.sh. Pasted image 20240715103705.png

Since we know what script is in the /cgi-bin/ directory we can use it to get a reverse shell. For this we will use burpsuite and change our User-Agent to a reverse shell. Pasted image 20240715103700.png

Our nc listener should have turned into a shell. Pasted image 20240715103655.png

Priv Esc

Sudo -l reveals a binary that we can execute with sudo, use GTFObins to escalate to root. Pasted image 20240715103646.png

User.txt

Pasted image 20240715103638.png

Root.txt

Pasted image 20240715103632.png

PWNED!!!

Pasted image 20240715103627.png

Sources

CTF, HTB
Linux Easy
This post is licensed under CC BY 4.0 by the author.