Scrutiny 🔸

Enumeration

The web page is served as onlyrands, so add it to /etc/hosts.

in /login we have

Initial Access

Searching for an exploit, we find https://github.com/Chocapikk/CVE-2024-27198

We can use that credential to access the UI and explore, where we find an id_rsa under the marco tillman project.

The key is protected, so using ssh2john and john we get cheer as the password.

Get the flag

Privilege Escalation

This user has email, so let's check /var/spool/email

We have matthew's password

Pivot to briand and run sudo -l

Searching, we find https://sploitus.com/exploit?id=EDB-ID:51674; all systemd versions before 247 can be abused to gain root
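From the defender's side, the condition above can be audited per host. The script below is an added example, not part of the original writeup: it flags a host when the systemd version is below 247 and a sudo rule grants systemctl. The function names, the sample text and the assumption that the relevant sudo rule runs systemctl are mine, since the writeup does not show the rule.

```shell
#!/bin/sh
# Added audit example, not code from the writeup.
# Assumption: the sudo rule of interest grants systemctl.

# Print the numeric version from `systemctl --version` output,
# whose first line looks like "systemd 245 (245.4-4ubuntu3.20)".
systemd_version() {
    printf '%s\n' "$1" | awk 'NR==1 && $1=="systemd" {print $2; exit}'
}

# Print the `sudo -l` rule lines that grant a systemctl command.
systemctl_sudo_rules() {
    printf '%s\n' "$1" | grep -E '^[[:space:]]*\(.*\).*systemctl' || true
}

# Exit status: 0 = at risk, 1 = not at risk, 2 = version not parseable.
at_risk() {
    ver=$(systemd_version "$1")
    case "$ver" in ''|*[!0-9]*) return 2 ;; esac
    [ "$ver" -lt 247 ] || return 1
    [ -n "$(systemctl_sudo_rules "$2")" ] || return 1
    return 0
}

# Constructed sample input (not captured from the target host).
SAMPLE_VERSION='systemd 245 (245.4-4ubuntu3.20)
+PAM +AUDIT +SELINUX'
SAMPLE_SUDO='User briand may run the following commands on this host:
    (ALL) NOPASSWD: /usr/bin/systemctl status example.service'

if at_risk "$SAMPLE_VERSION" "$SAMPLE_SUDO"; then
    echo "FLAG: systemd $(systemd_version "$SAMPLE_VERSION") < 247 with a sudo systemctl rule:"
    systemctl_sudo_rules "$SAMPLE_SUDO"
fi
```

On a real host, pass `"$(systemctl --version)"` and `"$(sudo -l -U <user>)"` instead of the samples; a flagged host needs systemd upgraded to 247 or later, or the sudo rule removed.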

Post Exploitation

Get the flag