Proving Grounds Practice — Pelican
Hello, today I’ll talk about the solution of Proving grounds Practice — Pelican.
First, we run an Nmap scan.
I started researching the exploits available on the services on the relevant ports and found the zookeeper exploit.
We write our reverse shell payload in the java.env script field and listen with netcat. and we got our shell
It is necessary to increase our authority, we will run linpeas to obtain information. We transfer the linpeas file to the machine with the python server.
In the Linpeas output, the privilege escalation section with sudo and suid attracts our attention.
An interesting file caught our attention to increase our authority with gcore. (password-store)
We learn which command to run with gtfobins.
Then we read the resulting file with the string command. There is a password inside the file. We can switch to the root user with this password.
Yes, we now have root. We can get our proof.txt file.
We find our flag and complete the challenge. Keep hacking !
Practice makes perfect :)