Description
Escalate your privileges to root on the host www.edu.stf (10.124.1.235).
To get the flag, run the script /home/lpeflag.
<aside> 💡
TLDR: My privilege escalation exploit didn't work as expected, but you can try it yourself to see if it works for you.
</aside>
This is a continuation from the previous task.
If you haven't stabilized your shell yet, do this first:
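```
# In the remote shell: spawn a PTY-backed bash and set a terminal type
python3 -c 'import pty;pty.spawn("/bin/bash")'
export TERM=xterm
# Press Ctrl + Z to suspend the listener and return to the local terminal
# Locally: switch the terminal to raw mode without echo, then resume the listener
stty raw -echo; fg
# Back in the remote shell: set the window size
stty rows 38 columns 116
```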
```
www-data@www:/var/www/html/api$ python3 -c 'import pty;pty.spawn("/bin/bash")'
<api$ python3 -c 'import pty;pty.spawn("/bin/bash")'
www-data@www:/var/www/html/api$ export TERM=xterm
export TERM=xterm
www-data@www:/var/www/html/api$ ^Z
zsh: suspended nc -lvnp 1337
┌──(kali㉿kali)-[~]
└─$ stty raw -echo; fg
[1] + continued nc -lvnp 1337
stty rows 38 columns 116
www-data@www:/var/www/html/api$
```
For local privilege escalation, the hint we received is related to vulnerabilities in the GNU C Library.
We can check the library version to identify potential exploits.
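One way to do that version check, as an added example that is not part of the original write-up: it reads the glibc version from `getconf` or `ldd --version` and compares it numerically with the fixed version named in an advisory. The helper names are hypothetical, and the fixed version is passed in as an argument because the page does not name one.

```shell
#!/bin/sh
# Added example (helper names are hypothetical, not from the write-up).

# Upstream version from the first line of `ldd --version` output,
# e.g. "ldd (Ubuntu GLIBC 2.35-0ubuntu3.1) 2.35" -> "2.35".
parse_glibc_version() {
    printf '%s\n' "$1" | head -n 1 | awk '{print $NF}'
}

# Succeeds when dotted version $1 is strictly lower than $2 (fields compared numerically).
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# glibc version of the running system; fails on non-glibc systems such as musl.
local_glibc_version() {
    if v=$(getconf GNU_LIBC_VERSION 2>/dev/null); then
        printf '%s\n' "${v#glibc }"
    else
        out=$(ldd --version 2>/dev/null) || return 1
        parse_glibc_version "$out"
    fi
}

# audit_glibc VERSION FIXED: compare VERSION with the fixed version named in an advisory.
audit_glibc() {
    if version_lt "$1" "$2"; then
        echo "glibc $1 < $2: verify the distro package for a backported fix"
    else
        echo "glibc $1 >= $2"
    fi
}

# Usage: sh check_glibc.sh FIXED_VERSION  (the value comes from the advisory, not from this page)
if v=$(local_glibc_version); then
    if [ -n "${1:-}" ]; then audit_glibc "$v" "$1"; else echo "glibc $v"; fi
else
    echo "glibc not detected"
fi
```

The upstream version number alone is not conclusive, since distributions backport fixes without changing it; the package revision shown by `dpkg -s libc6` or `rpm -q glibc` is what to match against the distribution's advisory.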