Food KoTH (TryHackMe)

nmap scan results

ports open

22 ssh
3306 mysql
9999 abyss
15065 http golang
16109 unknown
46969 telnet

A weird thing happened on port 16109: I found a food image there, so I tried to brute-force directories on it using feroxbuster.

During the brute force many directories were found, but all of them redirected to a single image, the food image, so I downloaded that image to my local Kali machine.

Without wasting any time I checked it with steghide, a tool that reveals files hidden inside an image, and yes, I was right: there was something inside that image.

Now extract the message from the image using steghide.

The command is:

steghide extract -sf bookstore

We found the username and password for SSH, so let's log in.

We logged in successfully using the creds extracted from the image.

Now it is time to get root.

For root, just search for SUID binaries using the following command:

find / -perm -4000 2>/dev/null

We found that this can be abused easily with vim.basic; we just have to use the following command, e.g.:

/usr/bin/vim.basic /etc/sudoers

Then we have to give ALL ALL permission to the pasta user so that it can run any command without any restrictions. Let me show you how.

To exit forcefully, type :wq! This saves the changes made through vim.basic in /etc/sudoers.

Now you can see that the pasta user can execute any command, even root commands.

And now we are root.
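To check a host for the two conditions this walkthrough depends on (an editor carrying the SUID bit, and a sudoers rule granting a regular user ALL), here is an added audit script that is not part of the original post. The function names, the RISKY_SUID list, the expected-admin principals and the sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function and variable names are hypothetical.

# Basenames that should never be SUID root: editors, pagers and interpreters
# can write to any file with the file owner's privileges.
RISKY_SUID='vim vim.basic vim.tiny vi nano ed less more find awk perl python python3 bash sh cp'

# stdin: one path per line, as printed by `find / -perm -4000 2>/dev/null`.
# stdout: the paths whose basename is in RISKY_SUID.
flag_risky_suid() {
    while IFS= read -r path; do
        base=${path##*/}
        for name in $RISKY_SUID; do
            if [ "$base" = "$name" ]; then
                printf '%s\n' "$path"
                break
            fi
        done
    done
}

# stdin: sudoers text. stdout: rules granting ALL commands to a principal
# other than root, %sudo or %admin (assumed to be the expected admin entries).
flag_broad_sudoers() {
    awk '
        NF == 0 || $1 ~ /^[#@]/ { next }            # blanks, comments, include lines
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next } # settings and alias definitions
        $1 == "root" || $1 == "%sudo" || $1 == "%admin" { next }
        $NF ~ /(^|[)=:])ALL$/ { print }
    '
}

# Constructed sample inputs, modelled on the box described above.
SAMPLE_FIND='/usr/bin/passwd
/usr/bin/sudo
/usr/bin/vim.basic
/bin/mount'
SAMPLE_SUDOERS='# constructed sample
Defaults env_reset
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
pasta ALL=(ALL:ALL) ALL'

printf '%s\n' "$SAMPLE_FIND" | flag_risky_suid
printf '%s\n' "$SAMPLE_SUDOERS" | flag_broad_sudoers
```

On a real host, pipe the output of the find command above into flag_risky_suid and feed /etc/sudoers (read as root) into flag_broad_sudoers; any line printed deserves review.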

Try to find the flag on your own 😉 #no spoon feeding

©2025 cyberspynet WordPress Video Theme by WPEnjoy