Soccer writeup by evyatar9

Read my writeup of the Soccer machine.

TL;DR

User:
Using gobuster, we found the /tiny URL path, then found default credentials for tiny. We uploaded a PHP reverse shell through the tiny portal and got a reverse shell as www-data. We found an nginx configuration with the vhost soc-player.soccer.htb, and on this vhost we found a WebSocket to port 9001. We found a SQLi and used it to get the credentials of the player user.

Root:
We found the doas rule "permit nopass player as root cmd /usr/bin/dstat". We created our own Python reverse shell dstat plugin, ran it using doas, and got a reverse shell as root.
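
For the defensive side of the root step, here is an added example (not part of the original writeup) that audits a doas.conf for rules like the one above. The EXTENSIBLE list, the reason labels and every sample rule except the first are assumptions made for this example.

```python
import shlex

# Assumptions: EXTENSIBLE is a local list of plugin-loading programs; SAMPLE is constructed.
EXTENSIBLE = {"/usr/bin/dstat"}
FLAGS = {"nopass", "nolog", "persist", "keepenv", "setenv"}
SAMPLE = """\
permit nopass player as root cmd /usr/bin/dstat
permit persist :wheel
permit nopass backup as root cmd /usr/bin/rsync args --version
deny player cmd /bin/sh
"""

def parse_rule(line):
    """Parse one doas.conf line into a dict, or None for blanks and comments."""
    t = shlex.split(line, comments=True)
    if not t or t[0] not in ("permit", "deny"):
        return None
    r = {"action": t[0], "flags": set(), "target": None, "cmd": None, "args": None}
    i = 1
    while i < len(t) and t[i] in FLAGS:
        r["flags"].add(t[i])
        if t[i] == "setenv":                      # skip the { ... } block
            while i < len(t) and not t[i].endswith("}"):
                i += 1
        i += 1
    r["identity"] = t[i] if i < len(t) else None
    rest = t[i + 1:]
    if len(rest) > 1 and rest[0] == "as":
        r["target"], rest = rest[1], rest[2:]
    if len(rest) > 1 and rest[0] == "cmd":
        r["cmd"], rest = rest[1], rest[2:]
        if rest[:1] == ["args"]:                  # args pins the exact argument list
            r["args"] = rest[1:]
    return r

def audit(text):
    """Return (line_no, identity, reasons) for permit rules that can reach root."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        r = parse_rule(line)
        # A rule without "as" applies to every target user, root included.
        if r and r["action"] == "permit" and r["target"] in (None, "root"):
            checks = [("no password", "nopass" in r["flags"]),
                      ("any command", r["cmd"] is None),
                      ("arguments unrestricted", r["cmd"] and r["args"] is None),
                      ("loads plugins", r["cmd"] in EXTENSIBLE)]
            why = [label for label, hit in checks if hit]
            if why:
                findings.append((n, r["identity"], why))
    return findings
```

Calling audit(SAMPLE) reports the player rule for all three of its problems: no password, no args restriction, and a command that loads plugins.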