Jack of All Trades (THM)

This engagement involved exploiting a misconfigured Linux system with swapped service ports, steganography-based credential storage, and insecure binaries. Initial access was achieved via remote command execution, followed by privilege escalation through a SUID misconfiguration.

Reconnaissance

Port scanning revealed:

The unusual service configuration required manual interaction and hinted at intentional obfuscation.

Initial Findings

A hidden directory (`/assets`) contained images used for steganography.

Extracted credentials:

Exploitation

The web application allowed command execution via a `cmd` parameter, enabling remote code execution.

A reverse shell was obtained, and further enumeration revealed a password list that was used to brute-force SSH access for the user `jack`.

Privilege Escalation

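A SUID binary (`strings`) was identified and abused to read the root flag directly. With the SUID bit set, the program runs with its owner's privileges, so it can read files the calling user cannot.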

/usr/bin/strings /root/root.txt
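
A defender-side check for the SUID misconfiguration above, as an added example that is not part of the original write-up: it reports SUID files whose names are missing from an expected baseline. The allowlist contents, the function names and the demo tree (empty placeholder files) are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the write-up): report SUID files missing from a baseline.

# Assumed baseline of names expected to be SUID; replace with your own known-good list.
SUID_ALLOWLIST="passwd su sudo mount umount chsh chfn newgrp gpasswd"

# audit_suid DIR...: print each SUID regular file under DIR whose basename
# is not in SUID_ALLOWLIST, one path per line, sorted.
audit_suid() {
    find "$@" -xdev -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r path; do
        name=${path##*/}
        case " $SUID_ALLOWLIST " in
            *" $name "*) ;;                  # expected SUID program
            *) printf '%s\n' "$path" ;;      # unexpected: review or chmod u-s
        esac
    done
}

# demo_tree: build a constructed directory tree (empty placeholder files, not
# real binaries) and audit it. Only the file named "strings" should be reported.
demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/bin"
    : > "$root/usr/bin/strings"
    : > "$root/usr/bin/passwd"
    : > "$root/usr/bin/ls"
    chmod 4755 "$root/usr/bin/strings" "$root/usr/bin/passwd"
    chmod 0755 "$root/usr/bin/ls"
    ( cd "$root" && audit_suid usr )
    rm -rf "$root"
}

demo_tree
```

On a live host, run `audit_suid /` as root and clear the bit on anything unexpected with `chmod u-s`.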

Impact

Multiple vulnerabilities combined to allow full system compromise, including remote code execution and unauthorized access to root-level data.