Co-author: trollzorftw
Can you climb to the top?
Flag format: CTF{sha256}
CTF{b9c3e7b42569f24c3c5e47b53c88f8ed0d7d7ba1e7b695b5e245c4459f4b3151}
This is a privilege escalation on a Linux server, mainly done using binaries with the SUID bit wrongly set.
Initial recon:
We have 3 files.
In index.php we can see that we can download any file using download <file_name>.
So I downloaded all 3 files.
I had to do a reverse shell (https://shellgenerator.github.io/) with ngrok to be able to log in as ‘meriot’ (his password was in wp-config.php: 12FsacKsad).
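A defensive counterpart to the download behaviour seen in index.php, as an added example that is not the challenge's code: a handler that serves only files under one directory and refuses configuration files such as wp-config.php. The "download" query parameter, the downloads/ directory and resolve_download() are assumptions, since the page does not show how index.php is implemented.

```php
<?php
declare(strict_types=1);
// Added example, not the challenge's index.php. The "download" parameter,
// the downloads/ directory and resolve_download() are assumed names.

/** Return the canonical path to serve, or null if the request is refused. */
function resolve_download(string $requested, string $baseDir): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses ../ and follows symlinks; false means no such file.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Compare canonical paths, with a trailing separator so that a sibling
    // such as downloads-old/ does not pass as downloads/.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Never hand out source or configuration files, wherever they sit.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return in_array($ext, ['php', 'phtml', 'inc', 'env', 'ini'], true) ? null : $path;
}

if (PHP_SAPI === 'cli') {
    // Constructed demo tree: <tmp>/wp-config.php and <tmp>/downloads/report.pdf
    $root = sys_get_temp_dir() . '/dl_demo_' . getmypid();
    mkdir($root . '/downloads', 0700, true);
    file_put_contents($root . '/wp-config.php', "<?php // constructed\n");
    file_put_contents($root . '/downloads/report.pdf', 'constructed');
    foreach (['report.pdf', '../wp-config.php', 'missing.txt'] as $name) {
        $ok = resolve_download($name, $root . '/downloads') !== null;
        printf("%-18s %s\n", $name, $ok ? 'served' : 'refused');
    }
} else {
    $name = $_GET['download'] ?? '';
    $path = is_string($name) ? resolve_download($name, __DIR__ . '/downloads') : null;
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
    readfile($path);
}
```

Run from the command line, the script builds the constructed tree and reports which of the three names would be served. Keeping database credentials out of any path the web server can read back, and not reusing them for system accounts, limits the damage if such a handler is still bypassed.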