Fish.io — Hack

After exploring the file system, we discover that the sudo command has been configured to allow the fish user to run any command without a password:

nmap -sV -p- 10.10.10.15

The scan reveals that ports 22 (SSH), 80 (HTTP), and 8080 (HTTP) are open. We can now focus on exploring these services further.

http://10.10.10.15/admin

Indeed, we find a simple login form. After attempting some common credentials, we manage to log in using the username admin and password password123.

sudo -l

We can leverage this configuration to gain root access:

Next, we visit the HTTP service running on port 80:

http://10.10.10.15

The webpage appears to be a simple website with a "Contact Us" form. However, upon inspecting the page source, we notice a peculiar comment:

To begin, we need to gather information about the target machine. Using the nmap command, we can perform an initial scan to identify open ports and services: