Pelican 🔸

Enumeration

We see an Exhibitor for ZooKeeper instance on port 8080

Initial Access

Searching we have

So, adding an nc command in the correct field

We have access

Get the flag

Privilege Escalation

With sudo -l we can see gcore privileges

With ps aux we search for a process with password, and I see password store

So using gcore on that PID, and then using strings on the resulting file, we have a password

Now we can execute commands as root (I couldn't switch to the user; next time use a bash connection instead of nc)
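
From the defender's side, the weakness this section relies on is a sudo rule that lets a low-privileged user run gcore as root, which exposes the memory of any process holding a secret. The Python audit below is an added example, not part of the original writeup: it parses sudo -l output and flags such grants. The sample output, the user and host names, and the MEMORY_READERS list are constructed assumptions.

```python
import os
import re

# Assumption: tools that can read another process's memory when run as root.
MEMORY_READERS = {"gcore", "gdb"}

# Constructed sample of `sudo -l` output (user and host are placeholders).
SAMPLE_SUDO_L = """\
Matching Defaults entries for appuser on host1:
    env_reset, mail_badpass

User appuser may run the following commands on host1:
    (ALL) NOPASSWD: /usr/bin/gcore
    (root) /usr/bin/systemctl status nginx, /usr/bin/gdb
    (appuser) NOPASSWD: /usr/bin/less /var/log/app.log
"""

# One rule line: "(runas[:group]) [TAG: ...] cmd[, cmd ...]"
RULE = re.compile(r"^\s+\((?P<runas>[^)]*)\)\s*(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.+)$")


def parse_rules(sudo_l_output):
    """Return one dict per command granted in `sudo -l` output."""
    rules, in_rules = [], False
    for line in sudo_l_output.splitlines():
        if "may run the following commands" in line:
            in_rules = True  # skip the Defaults block that precedes the rules
            continue
        m = RULE.match(line) if in_rules else None
        if not m:
            continue
        runas = m.group("runas").split(":")[0].strip()
        tags = {t.strip() for t in m.group("tags").split(":") if t.strip()}
        for cmd in filter(None, (c.strip() for c in m.group("cmds").split(","))):
            rules.append({"runas": runas, "nopasswd": "NOPASSWD" in tags, "command": cmd})
    return rules


def find_memory_dump_grants(sudo_l_output):
    """Flag grants that run a memory reader (or ALL commands) as root."""
    findings = []
    for rule in parse_rules(sudo_l_output):
        binary = os.path.basename(rule["command"].split()[0])
        if rule["runas"] in ("ALL", "root") and (binary in MEMORY_READERS or binary == "ALL"):
            findings.append(rule)
    return findings
```

Each finding keeps the nopasswd flag, so grants that need no password can be prioritised for removal.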

PostExploitation

Get the flag