Hack Fish.io -

Hack Fish.io -

http://10.10.10.15/admin Indeed, we find a simple login form. After attempting some common credentials, we manage to log in using the username admin and password password123 .

<!-- TODO: move to prod env --> This hint suggests that the website might be running in a non-production environment. We can try to access the /admin directory, which often contains administrative interfaces: hack fish.io

After exploring the file system, we discover that the sudo command has been configured to allow the fish user to run any command without a password: http://10

sudo -l We can leverage this configuration to gain root access: hack fish.io

http://10.10.10.15/uploads/shell.php A meterpreter shell opens, allowing us to navigate the file system and escalate privileges.

Go to Top