unknowndevice64: 1

[ vulnhub  boot2root  walkthrough  ]

Goal

root

Download

https://www.vulnhub.com/entry/unknowndevice64-1,293/

Walkthrough

nmap
alt text

default 80
alt text

default 80 source; commented out jpg
alt text

jpg is accessible

alt text

download and try steghide; h1dd3n was password and reveals txt file with brainfuck
alt text

decoded brainfuck is user/pass
alt text

login worked, but to a restricted shell
alt text

able to get to vi; so we try escaping restriction
alt text

escape worked
alt text

commands work with full path
alt text

sudo shows that we can run a program ud64sys with no password
alt text

looking at program it’s strace
alt text

quick google here and we have root
alt text

and we have flag
alt text alt text

Written on April 9, 2019
Share on: