Mischief write-up by epi

HTB{ Mischief }

Feel free to hit me up with any questions/comments. Thanks!

Cool that you documented your different ways to root! The way I did it was to create a setuid sh with www-data user like:

cp /bin/sh /home/loki/.tmp/sh
chown 33:33 /home/loki/.tmp/sh
chmod u+s /home/loki/.tmp/sh

With this shell loki could just switch to www-data and execute su.

@jkr said:
Cool that you documented your different ways to root! The way I did it was to create a setuid sh with www-data user like:

cp /bin/sh /home/loki/.tmp/sh
chown 33:33 /home/loki/.tmp/sh
chmod u+s /home/loki/.tmp/sh

With this shell loki could just switch to www-data and execute su.

Ha! That’s slick. Nicely done!