SpiderSociety Proving Grounds Write-Up
SUMMARY
On the SpiderSociety machine, we found a web service running on port 80. Using directory enumeration, we discovered a libspider directory containing an admin panel. We logged in with default credentials (admin:admin) and found FTP server credentials inside.
With those FTP credentials, we accessed the server and found a hidden directory containing plaintext database credentials. Checking our sudo privileges, we saw we could run certain commands as any user. We also found a service file that our user owned and could write to.
By editing that service file, we added a command that would run as root and set the SUID bit on the bash binary. After reloading the service manager's configuration and starting the service, we confirmed that bash now carried the SUID bit and used it to obtain a root shell.
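The two checks behind that last step, finding a service unit file the current user can write and confirming the SUID bit landed on the target binary, are shown below as an added example. This script is not from the write-up or the machine; the unit-file directories passed in and the demo paths are assumptions, and it only enumerates and verifies, it does not perform the edit.

```shell
#!/bin/sh
# Added example (not from the write-up): enumerate *.service files the current
# user can write, show what they would run as root, and verify the SUID bit on
# a binary. Directories are passed as arguments; the defaults under --run are
# the usual systemd locations and are an assumption.

# Print each *.service file under the given directories that is writable by
# the invoking user. Returns 0 if at least one was found, 1 otherwise.
find_writable_units() {
    found=1
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for unit in "$dir"/*.service; do
            [ -f "$unit" ] || continue
            if [ -w "$unit" ]; then
                printf '%s\n' "$unit"
                found=0
            fi
        done
    done
    return "$found"
}

# Print the Exec* lines of a unit: these are the commands the service manager
# runs with the unit's privileges (root unless User= says otherwise), which is
# exactly what an attacker changes in a writable unit.
show_exec_lines() {
    grep -E '^Exec(Start|StartPre|StartPost|Stop)=' "$1"
}

# Return 0 if the file has the set-user-ID bit, 1 otherwise.
has_suid() {
    [ -u "$1" ]
}

# Stand-alone usage: check the default unit directories and /bin/bash.
if [ "${1:-}" = "--run" ]; then
    if ! find_writable_units /etc/systemd/system /lib/systemd/system /usr/lib/systemd/system; then
        echo "no writable unit files found"
    fi
    if has_suid /bin/bash; then
        echo "/bin/bash is SUID (run 'bash -p' to keep the effective uid)"
    else
        echo "/bin/bash is not SUID"
    fi
fi
```

Run it as `sh check_units.sh --run` on the target. One caveat the write-up skips: a SUID bash drops its effective uid back to the caller unless it is started with `-p`, so after the service has run, `bash -p` is what actually yields the root prompt.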
PATH TO FOLLOW
- Reconnaissance
- Web Enumeration
- Access to admin panel
- Found FTP credentials
- Access to FTP service
- Found hidden credentials
- Initial Access
- Abusing sudoers privilege
- Privilege Escalation
Due to OffSec’s policy on content sharing, these write-ups will provide hints only rather than full solutions. I know, boring stuff.