Admirer

HTB Content Machines
551

Solved this challenge today

Lots of hints already on this discussion. I will reiterate some.

  • Start by looking for things that normally a web application owners want to hide from you.
  • To get foothold use FUZZing. There is no alternate. You may need to use wordlists that contain words commonly used in PHP applications. Search github for those.
  • Getting user is little harder but search engine/s are your friend. This technique is a new learning for me.
  • Root access is medium level. Don’t overthink. Stick to basics.

Will be happy to give nudge for those you want.

Thanks @polarbearer and @GibParadox

root@admirer:# hostname
hostname
admirer
root@admirer:# ifconfig
ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.10.10.187 netmask 255.255.255.0 broadcast 10.10.10.255
inet6 fe80::250:56ff:feb9:4771 prefixlen 64 scopeid 0x20
inet6 dead:beef::250:56ff:feb9:4771 prefixlen 64 scopeid 0x0
ether 00:50:56:b9:47:71 txqueuelen 1000 (Ethernet)
RX packets 13034433 bytes 2068617655 (1.9 GiB)
RX errors 9241 dropped 7918 overruns 0 frame 0
TX packets 11280599 bytes 3455117373 (3.2 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 19 base 0x2000

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1 (Local Loopback)
RX packets 31892 bytes 3147119 (3.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 31892 bytes 3147119 (3.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

root@admirer:# id
id
uid=0(root) gid=0(root) groups=0(root)