This box consisted of several vulnerabilities:
- Command Injection - Used a vulnerability in `exiftool` that allowed me to run arbitrary code.
- Leaked Credentials - Then we found the `.msg` file, which contained event logs from a Windows machine where we found the credentials for user `smorton`. I wasted a lot of time and effort to figure that one out, so don't be discouraged when you can't find it in the first 5 mins.
- Sudo commands - We then found the mysterious `/usr/bin/binary` file that we could run with sudo, which led us to analyze it further. We found that it accepts 2 arguments, downloads a file, saves it with a specific name and runs it using