What about Cy-nix Machine?
A write-up about the Cy-nix machine, focused on web pentesting and Linux privilege escalation
Hello everyone. This morning I downloaded the Cynix machine from VulnHub and it was awesome, so I decided to write this write-up, and I hope you like it ):
After downloading the machine and opening it, I used Angry Scanner to discover the machine's IP:
The lovely tool Nmap
I used FFUF to fuzz
After fuzzing, I found this hidden directory. It was a website containing a contact-us form, so I entered data and intercepted the request with Burp
While intercepting, I found this
I quickly opened this directory and found just this photo
In the file I tried LFI, entering 1 before the payload because, in the page source, it takes an integer
I tried to convert the LFI to RCE, so after playing a little with the LFI, using one of the users I gained from the LFI, I found a private SSH key
I tried to connect with the SSH key and it succeeded
We have RCE here btw
When I checked the user, I found that the machine uses lxd
So why not privilege escalation? I tried to git clone a tool like bease, but it was accessible only by admin, so I tried these payloads and they worked, btw
Finally Root (:
And I found the root flag in /mnt/root/root
I hope you love this small write-up, and thank you (: