Vulnersity

• Scan the box; how many ports are open?

6

• What version of the squid proxy is running on the machine?

3.5.12

• How many ports will Nmap scan if the flag -p-400 was used?

400

• What is the most likely operating system this machine is running?

Ubuntu

• What port is the web server running on?

3333

• What is the directory that has an upload form page?

/internal/

• Run this attack, what extension is allowed?

.phtml

• What is the name of the user who manages the webserver?

bill

• What is the user flag?

8bd7992fbe8a6ad22a63361004cfcedb

• On the system, search for all SUID files. Which file stands out?

/bin/systemctl

• It's challenge time! We have guided you through this far. Can you exploit this system further to escalate your privileges and get the final answer?

Become root and get the last flag (/root/root.txt)

a58ff8579f0a9270368d33a9966c7fd5