Hetemit 🔸

Enumeration

Going to port 50000, we have a Python API that shows...

At /verify we can inject code using os.system() because it is Python.

Using caido.

Get the flag.

Checking with linpeas.

We can reboot the system and write to that service.

It's impossible to edit the file without a fully interactive shell, so let's use penelope.

Change the execution and the user.

We reboot and wait.

sudo /sbin/reboot

Get the flag.