THM WriteUP | Epoch

Professional pentester, technical writer, Telegram channel owner
Intro
Hello ethical hackers! Today we are going to work through the Epoch room on TryHackMe. The lab is tagged CLI and Epoch.
Recon
Scanning
To avoid typing the IP again and again, I exported it as a variable in the current bash shell.
export IP=*.*.*.*
Then I scanned the host with rustscan.

Web recon
Okay, we found an SSH server and an HTTP server. Let's analyze the web application:

Hm... We see a time converter. There is nothing interesting in the page source.
Let's test it:


I tried XSS and SQLi, but nothing worked... I went back to the machine description and reread it.
Wait... it doesn't need to be online, you say? Are you telling me there is a command-line Linux program that can already do the same thing?
Command Injection
That sounds like a hint. Let's try command injection on this form.

Nice, it works! Maybe try to spawn a reverse shell?

Yep! We have access to the machine. But we don't see the flag in the home directory...
Flag
Check env and yeah, we found the flag!
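Why the form was injectable and how such a converter can be hardened, as an added example that is not the room's own code. It assumes the site splices the submitted value into a `date -d @<input>` string for a shell (the server source is not shown in this writeup); all function names and sample inputs are constructed for illustration.

```python
import re
import shlex
from datetime import datetime, timezone

# Allow-list: digits only, at most 11 of them, so the value stays in datetime's range.
EPOCH_RE = re.compile(r"[0-9]{1,11}")

def vulnerable_command(user_input: str) -> str:
    """The risky pattern (assumed): user input spliced into a string meant for `sh -c`."""
    return f"date -d @{user_input}"

def shell_words(command: str) -> list:
    """Tokenise roughly as a POSIX shell would, keeping ';', '&', '|' as operators."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)

def parse_epoch(user_input: str) -> int:
    """Reject anything that is not a plain non-negative integer."""
    if not EPOCH_RE.fullmatch(user_input):
        raise ValueError("epoch must be a non-negative integer")
    return int(user_input)

def convert_in_process(user_input: str) -> str:
    """Hardened form 1: do the conversion in-process, no external program."""
    ts = parse_epoch(user_input)
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")

def date_argv(user_input: str) -> list:
    """Hardened form 2: if `date` must be called, build an argv list and use no shell."""
    return ["date", "-u", "-d", f"@{parse_epoch(user_input)}"]

if __name__ == "__main__":
    benign = "1700000000"                     # constructed input
    hostile = "1700000000; echo injected"     # constructed input with a shell operator
    # The shell sees two commands: the ';' ends `date` and starts a second one.
    print(shell_words(vulnerable_command(hostile)))
    print(convert_in_process(benign))
    print(date_argv(benign))
    try:
        convert_in_process(hostile)
    except ValueError as exc:
        print("rejected:", exc)
```

With `date_argv`, the list would be passed to `subprocess.run` without `shell=True`, so the value reaches `date` as a single argument and is never parsed by a shell.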





