SAR: 1 — Walkthrough

Sar is an OSCP-Like VM with the intent of gaining experience in the world of penetration testing.


Enumeration

We know that it is using PHP.
Got the sar2html directory by looking into robots.txt.

Exploitation

sar2HTML Ver 3.2.1

Let’s search for any available vulnerabilities.

Offensive Security's Exploit Database Archive
Exploit Title: sar2html Remote Code Execution # Date: 01/08/2019 # Exploit Author: Furkan KAYAPINAR # Vendor…
  • I used wget to get my shell onto the web server and ran it to get a reverse shell.

Privilege Escalation

After becoming www-data, let’s run linpeas.

found this….. ;p

Edited write.sh (chmod +s /bin/bash) and got a shell.

