Mar 05, 2024, 04:41 AM
You can watch the full video walk-through here https://youtu.be/cQlb4C8WUG4
Task:
1. Identify SSTI injection point.
2. Select the right payload
3. Retrieve password hashes from .db file. Connect using sqlite3
4. Read mail in /var/mail to understand the hash masking format
5. Crack password hash using hashcat masking ( hashcat -m 1400 -a 3 <hash-file> susan_nasus_?d?d?d?d?d?d?d?d?d)
6. With password in hand, sudo bash to get root.
Task:
1. Identify SSTI injection point.
2. Select the right payload
3. Retrieve password hashes from .db file. Connect using sqlite3
4. Read mail in /var/mail to understand the hash masking format
5. Crack password hash using hashcat masking ( hashcat -m 1400 -a 3 <hash-file> susan_nasus_?d?d?d?d?d?d?d?d?d)
6. With password in hand, sudo bash to get root.