RootMe
Task2
Scan the machine, how many ports are open?
2
What version of Apache is running?
2.4.29
What service is running on port 22?
ssh
Find directories on the web server using the GoBuster tool.
What is the hidden directory?
/panel/
Task3
user.txt
Apache 2.4.29 has a file-parsing hole: I uploaded a one-line webshell directly, with the filename xxx.php.\, and it connected.
THM{y0u_g0t_a_sh3ll}
Task4
Search for files with SUID permission, which file is weird?
Obvious at a glance.
/usr/bin/python
Find a form to escalate your privileges.
root.txt
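https://gtfobins.github.io/# (look here for the Python SUID privilege escalation)
I originally used AntSword, but later found its shell was somewhat problematic, so I switched to a reverse shell.
PHP reverse shell script --> https://github.com/pentestmonkey/php-reverse-shell/blob/master/php-reverse-shell.php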
THM{pr1v1l3g3_3sc4l4t10n}
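The SUID finding in Task4, seen from the audit side: an added example (not part of the original write-up) that walks a directory and flags SUID regular files whose name is a script interpreter, the condition that made /usr/bin/python stand out. The interpreter name list and the default scan root /usr/bin are assumptions for illustration.

```python
import os
import re
import stat

# Assumed list (not from the page): interpreter names for which a SUID bit
# hands the caller the file owner's privileges, e.g. python, python3, python2.7.
INTERPRETERS = re.compile(r"^(python|perl|ruby|php|lua|node|bash|dash|sh|zsh)[\d.]*$")


def classify(path, mode):
    """Return 'interpreter', 'suid' or None for one file's path and st_mode."""
    if not stat.S_ISREG(mode) or not mode & stat.S_ISUID:
        return None  # not a regular file, or SUID bit not set
    name = os.path.basename(path)
    return "interpreter" if INTERPRETERS.match(name) else "suid"


def scan(root):
    """Walk root and return sorted (verdict, path) pairs for SUID regular files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
            except OSError:
                continue  # file vanished or is unreadable
            verdict = classify(path, mode)
            if verdict:
                findings.append((verdict, path))
    return sorted(findings)


if __name__ == "__main__":
    # 'REVIEW' marks SUID interpreters; other SUID files still need an
    # allowlist comparison against the distribution's expected set.
    for verdict, path in scan("/usr/bin"):
        label = "REVIEW" if verdict == "interpreter" else "suid"
        print(f"{label:7} {path}")
```

Clearing the bit with `chmod u-s` on a flagged interpreter removes the escalation path this room relies on.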
Damn, I can't take it anymore, the network quality is too poor. I'll go look at 春秋云境 later.