HackTheBox - Sunday Writeup
Sunday is an easy Hack The Box Linux machine with unusual services. Enumeration of the finger service reveals valid usernames, and default credentials provide SSH access. A leaked shadow.backup file exposes a crackable password hash, leading to a second user. With full sudo rights, privilege escalation is achieved by exploiting wget to modify the sudoers file and gain root access.
December 3, 2022 1 min read finger finger-user-enum john privesc-wget