Pelican 🔸

Enumeration

We see an exhibitor for zookeeper on port 8080.

Searching, we have:

So adding a nc in the correct field.

We have access.

Get the flag.

With sudo -l we can see gcore privileges.

With ps aux we search for a process with password and see password store.

So using that PID, and then using strings on the file, we have a password.

Now we can execute commands as root (I couldn't switch to the user; next time use a bash connection instead of nc).

Get the flag.