Secure Logging Training
by ilike pizza
1. Docker container
1.1. /var/www/html/docker
1.2. Commands
1.3. http - 80
2. Web
2.1. 10.10.172.71
2.1.1. apache2 server
2.1.2. Nothing interesting :(
2.2. team.thm
2.2.1. Gobuster
2.2.1.1. /images
2.2.1.2. /Scripts
2.2.1.3. /assets
2.2.1.4. index.html
2.2.2. robots.txt
2.2.2.1. dale
2.2.3. Wfuzz
2.2.3.1. www
2.2.3.2. dev
2.2.3.2.1. dev.team.thm
2.2.3.3. www.dev
3. Foothold
3.1. dale
3.1.1. Ability to run as SUDO
3.1.1.1. But requires passwd for dale :(
3.1.1.2. Can run executable as the user gyles
3.1.1.2.1. Inject /bin/bash at $error
3.1.1.2.2. Spawn a shell as gyles
3.2. Gyles
3.2.1. Can Run as SUDO
3.2.2. Has 3 user groups
3.2.2.1. gyles
3.2.2.2. editors
3.2.2.3. admin
3.2.2.3.1. /usr/local/bin
3.2.2.3.2. /usr/local/bin/main_backup.sh
3.2.2.3.3. /opt/admin_stuff