Scrutiny 🔸

Enumeration

The web page uses the hostname onlyrands, so add it to /etc/hosts.

At /login we have:

Initial Access

Searching for an exploit, we find https://github.com/Chocapikk/CVE-2024-27198.

We can use that credential to access the UI and explore, and we find an id_rsa under the Marco Tillman project.

The key is protected, so using ssh2john and john we get cheer as the password.

Get the flag.

Privilege Escalation

This user has email, so let's check /var/spool/email.

We have the matthew password.

Pivot to briand and run sudo -l.

Searching, we find https://sploitus.com/exploit?id=EDB-ID:51674: all systemd versions before 247 can be abused to gain root.

Post Exploitation

Get the flag.