Hetemit 🔸
Enumeration
Initial Access
Going to port 50000, we have a Python API that shows
At /verify we can inject code using os.system() because the API is Python
Using Caido
Get the flag
Privilege Escalation
Checking with linpeas
We can reboot the system and write to that service
It's impossible to edit the file without a fully interactive shell, so let's use penelope
https://github.com/brightio/penelope
Change the execution and the user
We reboot and wait
sudo /sbin/reboot
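The weakness used in this section is a service unit file that a non-root account can write, combined with the right to reboot. As an added example (not part of the original write-up), the audit below lists unit files with that weakness; the directory list and the `trusted_uids` parameter are assumptions of the example.

```python
import stat
from pathlib import Path

# Assumed unit locations; add /lib/systemd/system on hosts without a merged /usr.
UNIT_DIRS = ("/etc/systemd/system", "/usr/lib/systemd/system")

def service_directives(path, keys=("User", "ExecStart")):
    """Return the last value set for each requested [Service] directive."""
    try:
        text = Path(path).read_text(errors="replace")
    except OSError:
        return {}  # unreadable unit: report permissions without directives
    found, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line and line[0] not in "#;":
            key, value = (part.strip() for part in line.split("=", 1))
            if key in keys:
                found[key] = value
    return found

def audit_units(dirs=UNIT_DIRS, trusted_uids=(0,)):
    """List .service files that an account other than root could rewrite."""
    findings = []
    for directory in dirs:
        for path in sorted(Path(directory).glob("*.service")):
            if not path.is_file():
                continue  # dangling symlink, or a masked unit pointing at /dev/null
            st = path.stat()  # follows symlinks to the real unit file
            reasons = []
            if st.st_uid not in trusted_uids:
                reasons.append(f"owned by uid {st.st_uid}")
            if st.st_mode & stat.S_IWGRP and st.st_gid != 0:
                reasons.append(f"group-writable by gid {st.st_gid}")
            if st.st_mode & stat.S_IWOTH:
                reasons.append("world-writable")
            if reasons:
                unit = service_directives(path)
                findings.append({"unit": str(path), "reasons": reasons,
                                 "runs_as": unit.get("User", "root"),  # systemd default
                                 "exec_start": unit.get("ExecStart")})
    return findings

if __name__ == "__main__":
    for f in audit_units():
        print(f"{f['unit']}: {', '.join(f['reasons'])} "
              f"(runs as {f['runs_as']}: {f['exec_start']})")
```

Any unit it reports should be owned by root with mode 0644, and sudo rules that let the same account reboot the host should be reviewed alongside it.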
Post Exploitation
Get the flag