Mar 30, 2025, 03:06 PM
I'm currently working on the "DOG" box and I was able to gain a shell as www-data by exploiting Backdrop CMS and uploading a webshell module. From there, I upgraded my shell using Python (pty.spawn("/bin/bash")) and verified that I have basic shell access.
I've already run LinPEAS and Linux Exploit Suggester, which pointed out potential privesc vectors like CVE-2021-4034 (PwnKit), but that led me straight to root. What I'm really trying to figure out now is how to escalate from www-data to the user account that owns the user.txt
flag.
I still can’t seem to find a way to pivot from www-data to the target user.
Any nudges or suggestions would be much appreciated — even just a hint toward what to focus on would help a lot.
Thanks in advance! ?
I've already run LinPEAS and Linux Exploit Suggester, which pointed out potential privesc vectors like CVE-2021-4034 (PwnKit), but that led me straight to root. What I'm really trying to figure out now is how to escalate from www-data to the user account that owns the user.txt
flag.
I still can’t seem to find a way to pivot from www-data to the target user.
Any nudges or suggestions would be much appreciated — even just a hint toward what to focus on would help a lot.
Thanks in advance! ?
