I picked up Sedna and these were the steps:
Like any machine, starting with arp-scan:
arp-scan -l
The machine got detected at 192.168.137.152
Next, I concentrated on port 80 and running dirbuster it became clear that builderengine is running.
Doing a quick searchsploit for builderengine revealed exploit for arbitrary upload.
I uploaded a simple php rerverse shell and received reverse shell on listening port 443.
/var/html
cat flag.txt
bfbb7e6e6e88d9ae66848b9aeac6b289
Next, exploit for first overlayfs was tried but It failed
Checkeding exit code it gave me 255 but it was irrelevant.
Checking further, I saw that there was no "su" in /bin which could be the cause but I skipped to look other exploits.
For 14.04, the exploit apport worked just fine and root shell was achieved.
/root
cat flag.txt
a10828bee17db751de4b936614558305
There are two more flags, I am lazy so going to skip those...
(Maybe I will do that later...)
Like any machine, starting with arp-scan:
arp-scan -l
The machine got detected at 192.168.137.152
Next, I concentrated on port 80 and running dirbuster it became clear that builderengine is running.
Doing a quick searchsploit for builderengine revealed exploit for arbitrary upload.
I uploaded a simple php rerverse shell and received reverse shell on listening port 443.
/var/html
cat flag.txt
bfbb7e6e6e88d9ae66848b9aeac6b289
Next, exploit for first overlayfs was tried but It failed
Checkeding exit code it gave me 255 but it was irrelevant.
Checking further, I saw that there was no "su" in /bin which could be the cause but I skipped to look other exploits.
For 14.04, the exploit apport worked just fine and root shell was achieved.
/root
cat flag.txt
a10828bee17db751de4b936614558305
There are two more flags, I am lazy so going to skip those...
(Maybe I will do that later...)