Hack The Box: Wifinetictwo Machine Walkthrough-Medium Difficulty

27 Jul, 2024
Hack The Box: Wifinetictwo Machine Walkthrough-Medium Difficulty

Medium Machine
Reading Time: 6 minutes
In this post, I would like to share a walkthrough of the WifineticTwo Machine from Hack the Box
This room will be considered a Medium machine on Hack the Box
What will you gain from the WifineticTwo machine?

For the user flag, you need to play around with proxy server redirects to an OpenPLC login page. Using the default OpenPLC credentials (openplc/openplc), we log in and exploit CVE-2021-31630 to upload a C-based reverse shell payload on the server, which grants us root access. However, the /root directory only contains the user flag.
As for the root flag, you need to abuse network interfaces (ifconfig) to reveals a wifi interface (wlan0). Its enumeration shows the wifi network’s name (SSID, “plcrouter”), and also that WPS (Wifi Protected Setup) is enabled. Despite the name “WPS”, it is a dangerous parameter that makes wifi vulnerable to the Pixie Dust. This attack allows us to retrieve the PSK (Pre-Shared Key) required to connect to the network. There is an existing Python exploit which does just that. With the PSK in our possession, we can create a configuration file and connect to the network with wpa_supplicant (a daemon process that manages wireless connections on Linux). Once connected to the wifi network, we can SSH into the router which has the default address 192.168.1.1., and this is where we find the root flag.
Information Gathering on Wifinetictwo Machine

Once we have started the VPN connection which requires a download from Hackthebox, we can start
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port8080-TCP:V=7.94SVN%I=7%D=7/27%Time=66A48328%P=x86_64-pc-linux-gnu%r
SF:(GetRequest,24C,"HTTP/1\.0\x20302\x20FOUND\r\ncontent-type:\x20text/htm
SF:l;\x20charset=utf-8\r\ncontent-length:\x20219\r\nlocation:\x20http://0\
SF:.0\.0\.0:8080/login\r\nvary:\x20Cookie\r\nset-cookie:\x20session=eyJfZn
SF:Jlc2giOmZhbHNlLCJfcGVybWFuZW50Ijp0cnVlfQ\.ZqSBMw\.5Dui3GDuWcHHuRnEreYKf
SF:ULCyVI;\x20Expires=Sat,\x2027-Jul-2024\x2005:15:11\x20GMT;\x20HttpOnly;
SF:\x20Path=/\r\nserver:\x20Werkzeug/1\.0\.1\x20Python/2\.7\.18\r\ndate:\x
SF:20Sat,\x2027\x20Jul\x202024\x2005:10:11\x20GMT\r\n\r\n\nRed
SF:irecting\.\.\.\nRedirecting\.\.\.\nYou\x20should\x2
SF:0be\x20redirected\x20automatically\x20to\x20target\x20URL:\x20/login\.\x20\x20If\x20not\x20click\x20the\x20link\.")%
SF:r(HTTPOptions,14E,"HTTP/1\.0\x20200\x20OK\r\ncontent-type:\x20text/html
SF:;\x20charset=utf-8\r\nallow:\x20HEAD,\x20OPTIONS,\x20GET\r\nvary:\x20Co
SF:okie\r\nset-cookie:\x20session=eyJfcGVybWFuZW50Ijp0cnVlfQ\.ZqSBMw\.1eDp
SF:b8sffZFXl0DF0iPlkuVo5LE;\x20Expires=Sat,\x2027-Jul-2024\x2005:15:11\x20
SF:GMT;\x20HttpOnly;\x20Path=/\r\ncontent-length:\x200\r\nserver:\x20Werkz
SF:eug/1\.0\.1\x20Python/2\.7\.18\r\ndate:\x20Sat,\x2027\x20Jul\x202024\x2
SF:005:10:11\x20GMT\r\n\r\n")%r(RTSPRequest,CF,"HTTP/1\.1\x20400\x20Bad\x2
SF:0request\r\ncontent-length:\x2090\r\ncache-control:\x20no-cache\r\ncont
SF:ent-type:\x20text/html\r\nconnection:\x20close\r\n\r\n
4
SF:00\x20Bad\x20request\nYour\x20browser\x20sent\x20an\x20invalid\x20
SF:request\.\n\n")%r(FourOhFourRequest,224,"HTTP/1\.0\x20404
SF:\x20NOT\x20FOUND\r\ncontent-type:\x20text/html;\x20charset=utf-8\r\ncon
SF:tent-length:\x20232\r\nvary:\x20Cookie\r\nset-cookie:\x20session=eyJfcG
SF:VybWFuZW50Ijp0cnVlfQ\.ZqSBMw\.1eDpb8sffZFXl0DF0iPlkuVo5LE;\x20Expires=S
SF:at,\x2027-Jul-2024\x2005:15:11\x20GMT;\x20HttpOnly;\x20Path=/\r\nserver
SF::\x20Werkzeug/1\.0\.1\x20Python/2\.7\.18\r\ndate:\x20Sat,\x2027\x20Jul\
SF:x202024\x2005:10:11\x20GMT\r\n\r\n\n404\x20Not\x20Found</ti
SF:tle>\n<h1>Not\x20Found</h1>\n<p>The\x20requested\x20URL\x20was\x20not\x
SF:20found\x20on\x20the\x20server\.\x20If\x20you\x20entered\x20the\x20URL\
SF:x20manually\x20please\x20check\x20your\x20spelling\x20and\x20try\x20aga
SF:in\.</p>\n");
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Jul 27 01:18:42 2024 -- 1 IP address (1 host up) scanned in 17.46 seconds
┌─[darknite@parrot]─[~/Documents/htb/wifinetictwo]
└──╼ $
" style="color:#abb2bf;display:none" aria-label="Copy" class="code-block-pro-copy-button"><svg xmlns="http://www.w3.org/2000/svg" style="width:24px;height:24px" fill="none" viewbox="0 0 24 24" stroke="currentColor" stroke-width="2"><path class="with-check" stroke-linecap="round" stroke-linejoin="round" d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4"></path><path class="without-check" stroke-linecap="round" stroke-linejoin="round" d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2"></path></svg></span><pre class="shiki one-dark-pro" style="background-color: #282c34" tabindex="0"><code><span class="line"><span style="color: #ABB2BF">┌─[</span><span style="color: #C678DD">darknite</span><span style="color: #E06C75">@parrot</span><span style="color: #ABB2BF">]─[~</span><span style="color: #56B6C2">/</span><span style="color: #C678DD">Documents</span><span style="color: #56B6C2">/</span><span style="color: #C678DD">htb</span><span style="color: #56B6C2">/</span><span style="color: #C678DD">wifinetictwo</span><span style="color: #ABB2BF">]</span></span>
<span class="line"><span style="color: #ABB2BF">└──╼ </span><span style="color: #E06C75">$nmap</span><span style="color: #ABB2BF"> </span><span style="color: #56B6C2">-</span><span style="color: #ABB2BF">sC </span><span style="color: #56B6C2">-</span><span style="color: #ABB2BF">sV </span><span style="color: #56B6C2">-</span><span style="color: #ABB2BF">oA initial </span><span style="color: #D19A66">10.10</span><span style="color: #ABB2BF">.</span><span style="color: #D19A66">11.7</span><span style="color: #ABB2BF"> </span><span style="color: #56B6C2">-</span><span style="color: #ABB2BF">oA initial</span></span>
<span class="line"><span style="color: #7F848E; font-style: italic"># Nmap 7.94SVN scan initiated Sat Jul 27 01:18:24 2024 as: nmap -sC -sV -oA initial 10.10.11.7</span></span>
<span class="line"><span style="color: #ABB2BF">Nmap scan report </span><span style="color: #C678DD">for</span><span style="color: #ABB2BF"> </span><span style="color: #D19A66">10.10</span><span style="color: #ABB2BF">.</span><span style="color: #D19A66">11.7</span><span style="color: #ABB2BF"> (</span><span style="color: #D19A66">10.10</span><span style="color: #ABB2BF">.</span><span style="color: #D19A66">11.7</span><span style="color: #ABB2BF">)</span></span>
<span class="line"><span style="color: #ABB2BF">Host is up (</span><span style="color: #D19A66">0.</span><span style="color: #ABB2BF">050s latency).</span></span>
<span class="line"><span style="color: #ABB2BF">Not shown: </span><span style="color: #D19A66">998</span><span style="color: #ABB2BF"> closed tcp ports (conn</span><span style="color: #56B6C2">-</span><span style="color: #ABB2BF">refused)</span></span>
<span class="line"><span style="color: #ABB2BF">PORT     STATE SERVICE    VERSION</span></span>
<span class="line"><span style="color: #D19A66">22</span><span style="color: #56B6C2">/</span><span style="color: #ABB2BF">tcp   open  ssh        OpenSSH </span><span style="color: #D19A66">8.</span><span style="color: #ABB2BF">2p1 Ubuntu 4ubuntu0.</span><span style="color: #D19A66">11</span><span style="color: #ABB2BF"> (Ubuntu Linux; protocol </span><span style="color: #D19A66">2.0</span><span style="color: #ABB2BF">)</span></span>
<span class="line"><span style="color: #ABB2BF">| ssh</span><span style="color: #56B6C2">-</span><span style="color: #ABB2BF">hostkey: </span></span>
<span class="line"><span style="color: #ABB2BF">|   </span><span style="color: #D19A66">3072</span><span style="color: #ABB2BF"> </span><span style="color: #D19A66">48</span><span style="color: #ABB2BF">:ad:d5:b8:3a:</span><span style="color: #D19A66">9f</span><span style="color: #ABB2BF">:bc:be:f7:e8:</span><span style="color: #D19A66">20</span><span style="color: #ABB2BF">:</span><span style="color: #D19A66">1e</span><span style="color: #ABB2BF">:f6:bf:de:ae (RSA)</span></span>
<span class="line"><span style="color: #ABB2BF">|   </span><span style="color: #D19A66">256</span><span style="color: #ABB2BF"> b7:</span><span style="color: #D19A66">89</span><span style="color: #ABB2BF">:6c:0b:</span><span style="color: #D19A66">20</span><span style="color: #ABB2BF">:ed:</span><span style="color: #D19A66">49</span><span style="color: #ABB2BF">:b2:c1:</span><span style="color: #D19A66">86</span><span style="color: #ABB2BF">:7c:</span><span style="color: #D19A66">29</span><span style="color: #ABB2BF">:</span><span style="color: #D19A66">92</span><span style="color: #ABB2BF">:</span><span style="color: #D19A66">74</span><span style="color: #ABB2BF">:1c:</span><span style="color: #D19A66">1f</span><span style="color: #ABB2BF"> (ECDSA)</span></span>
<span class="line"><span style="color: #ABB2BF">|</span><span style="color: #D19A66">_</span><span style="color: #ABB2BF">  </span><span style="color: #D19A66">256</span><span style="color: #ABB2BF"> </span><span style="color: #D19A66">18</span><span style="color: #ABB2BF">:cd:</span><span style="color: #D19A66">9d</span><span style="color: #ABB2BF">:</span><span style="color: #D19A66">08</span><span style="color: #ABB2BF">:a6:</span><span style="color: #D19A66">21</span><span style="color: #ABB2BF">:a8:b8:b6:f7:</span><span style="color: #D19A66">9f</span><span style="color: #ABB2BF">:</span><span style="color: #D19A66">8d</span><span style="color: #ABB2BF">:</span><span style="color: #D19A66">40</span><span style="color: #ABB2BF">:</span><span style="color: #D19A66">51</span><span style="color: #ABB2BF">:</span><span style="color: #D19A66">54</span><span style="color: #ABB2BF">:fb (ED25519)</span></span>
<span class="line"><span style="color: #D19A66">8080</span><span style="color: #56B6C2">/</span><span style="color: #ABB2BF">tcp open  http</span><span style="color: #56B6C2">-</span><span style="color: #ABB2BF">proxy Werkzeug</span><span style="color: #56B6C2">/</span><span style="color: #D19A66">1.0</span><span style="color: #ABB2BF">.</span><span style="color: #D19A66">1</span><span style="color: #ABB2BF"> Python</span><span style="color: #56B6C2">/</span><span style="color: #D19A66">2.7</span><span style="color: #ABB2BF">.</span><span style="color: #D19A66">18</span></span>
<span class="line"><span style="color: #ABB2BF">|_http</span><span style="color: #56B6C2">-</span><span style="color: #ABB2BF">server</span><span style="color: #56B6C2">-</span><span style="color: #ABB2BF">header: Werkzeug</span><span style="color: #56B6C2">/</span><span style="color: #D19A66">1.0</span><span style="color: #ABB2BF">.</span><span style="color: #D19A66">1</span><span style="color: #ABB2BF"> Python</span><span style="color: #56B6C2">/</span><span style="color: #D19A66">2.7</span><span style="color: #ABB2BF">.</span><span style="color: #D19A66">18</span></span>
<span class="line"><span style="color: #ABB2BF">| http</span><span style="color: #56B6C2">-</span><span style="color: #ABB2BF">title: Site doesn</span><span style="color: #98C379">'t have a title (text/html; charset=utf-8).</span></span>
<span class="line"><span style="color: #98C379">|_Requested resource was http://10.10.11.7:8080/login</span></span>
<span class="line"><span style="color: #98C379">| fingerprint-strings: </span></span>
<span class="line"><span style="color: #98C379">|   FourOhFourRequest: </span></span>
<span class="line"><span style="color: #98C379">|     HTTP/1.0 404 NOT FOUND</span></span>
<span class="line"><span style="color: #98C379">|     content-type: text/html; charset=utf-8</span></span>
<span class="line"><span style="color: #98C379">|     content-length: 232</span></span>
<span class="line"><span style="color: #98C379">|     vary: Cookie</span></span>
<span class="line"><span style="color: #98C379">|     set-cookie: session=eyJfcGVybWFuZW50Ijp0cnVlfQ.ZqSBMw.1eDpb8sffZFXl0DF0iPlkuVo5LE; Expires=Sat, 27-Jul-2024 05:15:11 GMT; HttpOnly; Path=/</span></span>
<span class="line"><span style="color: #98C379">|     server: Werkzeug/1.0.1 Python/2.7.18</span></span>
<span class="line"><span style="color: #98C379">|     date: Sat, 27 Jul 2024 05:10:11 GMT</span></span>
<span class="line"><span style="color: #98C379">|     <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"></span></span>
<span class="line"><span style="color: #98C379">|     <title>404 Not Found
|     Not Found
|     The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.

|   GetRequest: 
|     HTTP/1.0 302 FOUND
|     content-type: text/html; charset=utf-8
|     content-length: 219
|     location: http://0.0.0.0:8080/login
|     vary: Cookie
|     set-cookie: session=eyJfZnJlc2giOmZhbHNlLCJfcGVybWFuZW50Ijp0cnVlfQ.ZqSBMw.5Dui3GDuWcHHuRnEreYKfULCyVI; Expires=Sat, 27-Jul-2024 05:15:11 GMT; HttpOnly; Path=/
|     server: Werkzeug/1.0.1 Python/2.7.18
|     date: Sat, 27 Jul 2024 05:10:11 GMT
|     
|     Redirecting...
|     Redirecting...
|     You should be redirected automatically to target URL: /login. If not click the link.
|   HTTPOptions: 
|     HTTP/1.0 200 OK
|     content-type: text/html; charset=utf-8
|     allow: HEAD, OPTIONS, GET
|     vary: Cookie
|     set-cookie: session=eyJfcGVybWFuZW50Ijp0cnVlfQ.ZqSBMw.1eDpb8sffZFXl0DF0iPlkuVo5LE; Expires=Sat, 27-Jul-2024 05:15:11 GMT; HttpOnly; Path=/
|     content-length: 0
|     server: Werkzeug/1.0.1 Python/2.7.18
|     date: Sat, 27 Jul 2024 05:10:11 GMT
|   RTSPRequest: 
|     HTTP/1.1 400 Bad request
|     content-length: 90
|     cache-control: no-cache
|     content-type: text/html
|     connection: close
|     
400 Bad request
|     Your browser sent an invalid request.
|_    
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port8080-TCP:V=7.94SVN%I=7%D=7/27%Time=66A48328%P=x86_64-pc-linux-gnu%r
SF:(GetRequest,24C,"HTTP/1\.0\x20302\x20FOUND\r\ncontent-type:\x20text/htm
SF:l;\x20charset=utf-8\r\ncontent-length:\x20219\r\nlocation:\x20http://0\
SF:.0\.0\.0:8080/login\r\nvary:\x20Cookie\r\nset-cookie:\x20session=eyJfZn
SF:Jlc2giOmZhbHNlLCJfcGVybWFuZW50Ijp0cnVlfQ\.ZqSBMw\.5Dui3GDuWcHHuRnEreYKf
SF:ULCyVI;\x20Expires=Sat,\x2027-Jul-2024\x2005:15:11\x20GMT;\x20HttpOnly;
SF:\x20Path=/\r\nserver:\x20Werkzeug/1\.0\.1\x20Python/2\.7\.18\r\ndate:\x
SF:20Sat,\x2027\x20Jul\x202024\x2005:10:11\x20GMT\r\n\r\n
SF:\x20PUBLIC\x20\"-//W3C//DTD\x20HTML\x203\.2\x20Final//EN\">\nRed</span></span>
<span class="line"><span style="color: #98C379">SF:irecting\.\.\.\nRedirecting\.\.\.\nYou\x20should\x2
SF:0be\x20redirected\x20automatically\x20to\x20target\x20URL:\x20
SF:f=\"/login\">/login\.\x20\x20If\x20not\x20click\x20the\x20link\.")%
SF:r(HTTPOptions,14E,"HTTP/1\.0\x20200\x20OK\r\ncontent-type:\x20text/html
SF:;\x20charset=utf-8\r\nallow:\x20HEAD,\x20OPTIONS,\x20GET\r\nvary:\x20Co
SF:okie\r\nset-cookie:\x20session=eyJfcGVybWFuZW50Ijp0cnVlfQ\.ZqSBMw\.1eDp
SF:b8sffZFXl0DF0iPlkuVo5LE;\x20Expires=Sat,\x2027-Jul-2024\x2005:15:11\x20
SF:GMT;\x20HttpOnly;\x20Path=/\r\ncontent-length:\x200\r\nserver:\x20Werkz
SF:eug/1\.0\.1\x20Python/2\.7\.18\r\ndate:\x20Sat,\x2027\x20Jul\x202024\x2
SF:005:10:11\x20GMT\r\n\r\n")%r(RTSPRequest,CF,"HTTP/1\.1\x20400\x20Bad\x2
SF:0request\r\ncontent-length:\x2090\r\ncache-control:\x20no-cache\r\ncont
SF:ent-type:\x20text/html\r\nconnection:\x20close\r\n\r\n
4
SF:00\x20Bad\x20request\nYour\x20browser\x20sent\x20an\x20invalid\x20
SF:request\.\n\n")%r(FourOhFourRequest,224,"HTTP/1\.0\x20404
SF:\x20NOT\x20FOUND\r\ncontent-type:\x20text/html;\x20charset=utf-8\r\ncon
SF:tent-length:\x20232\r\nvary:\x20Cookie\r\nset-cookie:\x20session=eyJfcG
SF:VybWFuZW50Ijp0cnVlfQ\.ZqSBMw\.1eDpb8sffZFXl0DF0iPlkuVo5LE;\x20Expires=S
SF:at,\x2027-Jul-2024\x2005:15:11\x20GMT;\x20HttpOnly;\x20Path=/\r\nserver
SF::\x20Werkzeug/1\.0\.1\x20Python/2\.7\.18\r\ndate:\x20Sat,\x2027\x20Jul\
SF:x202024\x2005:10:11\x20GMT\r\n\r\n
SF:3C//DTD\x20HTML\x203\.2\x20Final//EN\">\n404\x20Not\x20Found</ti</span></span>
<span class="line"><span style="color: #98C379">SF:tle>\n<h1>Not\x20Found</h1>\n<p>The\x20requested\x20URL\x20was\x20not\x</span></span>
<span class="line"><span style="color: #98C379">SF:20found\x20on\x20the\x20server\.\x20If\x20you\x20entered\x20the\x20URL\</span></span>
<span class="line"><span style="color: #98C379">SF:x20manually\x20please\x20check\x20your\x20spelling\x20and\x20try\x20aga</span></span>
<span class="line"><span style="color: #98C379">SF:in\.</p>\n");</span></span>
<span class="line"><span style="color: #98C379">Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel</span></span>
<span class="line"></span>
<span class="line"><span style="color: #98C379">Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .</span></span>
<span class="line"><span style="color: #98C379"># Nmap done at Sat Jul 27 01:18:42 2024 -- 1 IP address (1 host up) scanned in 17.46 seconds</span></span>
<span class="line"><span style="color: #98C379">┌─[darknite@parrot]─[~/Documents/htb/wifinetictwo]</span></span>
<span class="line"><span style="color: #98C379">└──╼ $</span></span>
<span class="line"></span></code></pre></div>



<p>Let’s access the website</p>



<figure class="wp-block-image size-large"><img decoding="async" width="1024" height="474" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201024%20474'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/Screenshot-2024-07-27-at-21.39.41-1024x474.png" alt="" class="wp-image-19631 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/Screenshot-2024-07-27-at-21.39.41-1024x474.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/Screenshot-2024-07-27-at-21.39.41-300x139.png 300w, https://threatninja.net/wp-content/uploads/2024/07/Screenshot-2024-07-27-at-21.39.41-768x355.png 768w, https://threatninja.net/wp-content/uploads/2024/07/Screenshot-2024-07-27-at-21.39.41-1536x710.png 1536w, https://threatninja.net/wp-content/uploads/2024/07/Screenshot-2024-07-27-at-21.39.41-2048x947.png 2048w, https://threatninja.net/wp-content/uploads/2024/07/Screenshot-2024-07-27-at-21.39.41-600x278.png 600w, https://threatninja.net/wp-content/uploads/2024/07/Screenshot-2024-07-27-at-21.39.41-945x437.png 945w" data-sizes="(max-width: 1024px) 100vw, 1024px"></figure>



<p>It requires a credential to login to the dashboard but sadly we didn’t have any creds to play around</p>



<figure class="wp-block-image"><img decoding="async" width="1380" height="696" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201380%20696'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-11.png" alt="" class="wp-image-19589 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-11.png 1380w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-11-300x151.png 300w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-11-1024x516.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-11-768x387.png 768w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-11-600x303.png 600w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-11-945x477.png 945w" data-sizes="auto, (max-width: 1380px) 100vw, 1380px"></figure>



<p>As a result, let’s enter the default creds</p>



<figure class="wp-block-image"><img decoding="async" width="1380" height="794" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201380%20794'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-10.png" alt="" class="wp-image-19588 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-10.png 1380w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-10-300x173.png 300w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-10-1024x589.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-10-768x442.png 768w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-10-600x345.png 600w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-10-945x544.png 945w" data-sizes="auto, (max-width: 1380px) 100vw, 1380px"></figure>



<p>The dashboard interface will look something like the above</p>



<figure class="wp-block-image"><img decoding="async" width="1380" height="757" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201380%20757'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-12.png" alt="" class="wp-image-19590 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-12.png 1380w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-12-300x165.png 300w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-12-1024x562.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-12-768x421.png 768w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-12-600x329.png 600w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-12-945x518.png 945w" data-sizes="auto, (max-width: 1380px) 100vw, 1380px"></figure>



<p>There is nothing that we can look into in the process</p>



<figure class="wp-block-image"><img decoding="async" width="1378" height="730" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201378%20730'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-13.png" alt="" class="wp-image-19591 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-13.png 1378w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-13-300x159.png 300w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-13-1024x542.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-13-768x407.png 768w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-13-600x318.png 600w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-13-945x501.png 945w" data-sizes="auto, (max-width: 1378px) 100vw, 1378px"></figure>



<p>On the program platform, we can see the programs that are available to us</p>



<figure class="wp-block-image"><img decoding="async" width="1838" height="1506" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201838%201506'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-15.png" alt="" class="wp-image-19593 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-15.png 1838w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-15-300x246.png 300w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-15-1024x839.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-15-768x629.png 768w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-15-1536x1259.png 1536w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-15-600x492.png 600w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-15-945x774.png 945w" data-sizes="auto, (max-width: 1838px) 100vw, 1838px"></figure>



<p>Therefore, let’s create the st file format to be uploaded into the system interface</p>



<figure class="wp-block-image"><img decoding="async" width="1380" height="559" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201380%20559'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-17.png" alt="" class="wp-image-19595 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-17.png 1380w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-17-300x122.png 300w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-17-1024x415.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-17-768x311.png 768w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-17-600x243.png 600w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-17-945x383.png 945w" data-sizes="auto, (max-width: 1380px) 100vw, 1380px"></figure>



<p></p>



<figure class="wp-block-image"><img decoding="async" width="1162" height="236" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201162%20236'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-23.png" alt="" class="wp-image-19601 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-23.png 1162w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-23-300x61.png 300w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-23-1024x208.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-23-768x156.png 768w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-23-600x122.png 600w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-23-945x192.png 945w" data-sizes="auto, (max-width: 1162px) 100vw, 1162px"></figure>



<p>Sadly, we didn’t retrieve any reverse shell connection at all</p>



<figure class="wp-block-image"><img decoding="async" width="1378" height="799" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201378%20799'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-19.png" alt="" class="wp-image-19597 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-19.png 1378w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-19-300x174.png 300w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-19-1024x594.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-19-768x445.png 768w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-19-600x348.png 600w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-19-945x548.png 945w" data-sizes="auto, (max-width: 1378px) 100vw, 1378px"></figure>



<figure class="wp-block-image"><img decoding="async" width="2168" height="1156" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%202168%201156'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-20.png" alt="" class="wp-image-19598 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-20.png 2168w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-20-300x160.png 300w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-20-1024x546.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-20-768x410.png 768w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-20-1536x819.png 1536w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-20-2048x1092.png 2048w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-20-600x320.png 600w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-20-945x504.png 945w" data-sizes="auto, (max-width: 2168px) 100vw, 2168px"></figure>



<p>We can copy-paste the c programming on the /hardware interface as shown in the screenshot above</p>



<figure class="wp-block-image"><img decoding="async" width="1380" height="711" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201380%20711'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-18.png" alt="" class="wp-image-19596 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-18.png 1380w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-18-300x155.png 300w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-18-1024x528.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-18-768x396.png 768w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-18-600x309.png 600w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-18-945x487.png 945w" data-sizes="auto, (max-width: 1380px) 100vw, 1380px"></figure>



<p>Sadly, we got an error when trying to save the c programming file</p>



<figure class="wp-block-image"><img decoding="async" width="2218" height="584" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%202218%20584'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-2.png" alt="A screenshot of a computer program

Description automatically generated" class="wp-image-19609 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-2.png 2218w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-2-300x79.png 300w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-2-1024x270.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-2-768x202.png 768w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-2-1536x404.png 1536w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-2-2048x539.png 2048w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-2-600x158.png 600w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-2-945x249.png 945w" data-sizes="auto, (max-width: 2218px) 100vw, 2218px"></figure>



<p>Let’s execute the Python script as shown in the screenshot above</p>



<figure class="wp-block-image"><img decoding="async" width="1380" height="272" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201380%20272'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-25.png" alt="" class="wp-image-19603 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-25.png 1380w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-25-300x59.png 300w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-25-1024x202.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-25-768x151.png 768w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-25-600x118.png 600w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-25-945x186.png 945w" data-sizes="auto, (max-width: 1380px) 100vw, 1380px"></figure>



<p>Boom! We have successfully retrieved the reverse shell connection.</p>



<figure class="wp-block-image"><img decoding="async" width="886" height="176" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%20886%20176'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-26.png" alt="" class="wp-image-19604 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-26.png 886w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-26-300x60.png 300w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-26-768x153.png 768w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-26-600x119.png 600w" data-sizes="auto, (max-width: 886px) 100vw, 886px"></figure>



<p>However, we managed to retrieve the shell as the root which is weird at the moment</p>



<figure class="wp-block-image"><img decoding="async" width="950" height="266" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%20950%20266'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-27.png" alt="" class="wp-image-19605 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-27.png 950w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-27-300x84.png 300w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-27-768x215.png 768w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-27-600x168.png 600w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-27-945x265.png 945w" data-sizes="auto, (max-width: 950px) 100vw, 950px"></figure>



<p>We can read the user.txt flag by typing the “cat user.txt” command on the /root directory</p>



<h2 class="wp-block-heading"><span id="Escalate_to_Root_Privileges_Access">Escalate to Root Privileges Access</span></h2>



<figure class="wp-block-image"><img decoding="async" width="1286" height="216" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201286%20216'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-with-green-text-description-aut-1.png" alt="A computer screen with green text

Description automatically generated" class="wp-image-19607 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-with-green-text-description-aut-1.png 1286w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-with-green-text-description-aut-1-300x50.png 300w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-with-green-text-description-aut-1-1024x172.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-with-green-text-description-aut-1-768x129.png 768w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-with-green-text-description-aut-1-600x101.png 600w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-with-green-text-description-aut-1-945x159.png 945w" data-sizes="auto, (max-width: 1286px) 100vw, 1286px"></figure>



<p>However, there are two users including the root access </p>



<figure class="wp-block-image"><img decoding="async" width="1242" height="400" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201242%20400'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-30.png" alt="" class="wp-image-19608 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-30.png 1242w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-30-300x97.png 300w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-30-1024x330.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-30-768x247.png 768w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-30-600x193.png 600w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-30-945x304.png 945w" data-sizes="auto, (max-width: 1242px) 100vw, 1242px"></figure>



<p>There is nothing that we can analyze inside the Ubuntu directory</p>



<figure class="wp-block-image"><img decoding="async" width="1580" height="550" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201580%20550'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-32.png" alt="" class="wp-image-19610 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-32.png 1580w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-32-300x104.png 300w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-32-1024x356.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-32-768x267.png 768w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-32-1536x535.png 1536w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-32-600x209.png 600w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-32-945x329.png 945w" data-sizes="auto, (max-width: 1580px) 100vw, 1580px"></figure>



<p>I think of using the file that been compress download the file from source <a href="https://github.com/nikita-yfh/OneShot-C.git">here</a></p>



<figure class="wp-block-image"><img decoding="async" width="1444" height="282" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201444%20282'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-33.png" alt="" class="wp-image-19611 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-33.png 1444w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-33-300x59.png 300w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-33-1024x200.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-33-768x150.png 768w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-33-600x117.png 600w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-33-945x185.png 945w" data-sizes="auto, (max-width: 1444px) 100vw, 1444px"></figure>



<p></p>



<figure class="wp-block-image"><img decoding="async" width="1402" height="364" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201402%20364'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-34.png" alt="" class="wp-image-19612 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-34.png 1402w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-34-300x78.png 300w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-34-1024x266.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-34-768x199.png 768w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-34-600x156.png 600w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-34-945x245.png 945w" data-sizes="auto, (max-width: 1402px) 100vw, 1402px"></figure>



<p>Let’s compile the c programming file </p>



<figure class="wp-block-image"><img decoding="async" width="1506" height="316" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201506%20316'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/a-screen-shot-of-a-computer-description-automatic-1.png" alt="A screen shot of a computer

Description automatically generated" class="wp-image-19613 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/a-screen-shot-of-a-computer-description-automatic-1.png 1506w, https://threatninja.net/wp-content/uploads/2024/07/a-screen-shot-of-a-computer-description-automatic-1-300x63.png 300w, https://threatninja.net/wp-content/uploads/2024/07/a-screen-shot-of-a-computer-description-automatic-1-1024x215.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/a-screen-shot-of-a-computer-description-automatic-1-768x161.png 768w, https://threatninja.net/wp-content/uploads/2024/07/a-screen-shot-of-a-computer-description-automatic-1-600x126.png 600w, https://threatninja.net/wp-content/uploads/2024/07/a-screen-shot-of-a-computer-description-automatic-1-945x198.png 945w" data-sizes="auto, (max-width: 1506px) 100vw, 1506px"></figure>



<p>Let’s start our Python server to transfer the file to the victim’s machine</p>



<figure class="wp-block-image"><img decoding="async" width="1720" height="292" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201720%20292'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-36.png" alt="" class="wp-image-19614 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-36.png 1720w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-36-300x51.png 300w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-36-1024x174.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-36-768x130.png 768w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-36-1536x261.png 1536w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-36-600x102.png 600w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-36-945x160.png 945w" data-sizes="auto, (max-width: 1720px) 100vw, 1720px"></figure>



<p></p>



<figure class="wp-block-image"><img decoding="async" width="1254" height="140" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201254%20140'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-37.png" alt="" class="wp-image-19615 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-37.png 1254w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-37-300x33.png 300w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-37-1024x114.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-37-768x86.png 768w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-37-600x67.png 600w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-37-945x106.png 945w" data-sizes="auto, (max-width: 1254px) 100vw, 1254px"></figure>



<p>Finally, we have successfully transferred the file to the victim’s machine</p>



<figure class="wp-block-image"><img decoding="async" width="2118" height="1416" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%202118%201416'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-program-description-a.png" alt="A computer screen shot of a program

Description automatically generated" class="wp-image-19616 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-program-description-a.png 2118w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-program-description-a-300x201.png 300w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-program-description-a-1024x685.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-program-description-a-768x513.png 768w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-program-description-a-1536x1027.png 1536w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-program-description-a-2048x1369.png 2048w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-program-description-a-600x401.png 600w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-program-description-a-945x632.png 945w" data-sizes="auto, (max-width: 2118px) 100vw, 2118px"></figure>



<p>At last, the file managed to execute</p>



<figure class="wp-block-image"><img decoding="async" width="1098" height="470" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201098%20470'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/a-screen-shot-of-a-computer-description-automatic-2.png" alt="A screen shot of a computer

Description automatically generated" class="wp-image-19617 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/a-screen-shot-of-a-computer-description-automatic-2.png 1098w, https://threatninja.net/wp-content/uploads/2024/07/a-screen-shot-of-a-computer-description-automatic-2-300x128.png 300w, https://threatninja.net/wp-content/uploads/2024/07/a-screen-shot-of-a-computer-description-automatic-2-1024x438.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/a-screen-shot-of-a-computer-description-automatic-2-768x329.png 768w, https://threatninja.net/wp-content/uploads/2024/07/a-screen-shot-of-a-computer-description-automatic-2-600x257.png 600w, https://threatninja.net/wp-content/uploads/2024/07/a-screen-shot-of-a-computer-description-automatic-2-945x405.png 945w" data-sizes="auto, (max-width: 1098px) 100vw, 1098px"></figure>



<p></p>



<figure class="wp-block-image"><img decoding="async" width="1378" height="703" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201378%20703'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-3.png" alt="A screenshot of a computer program

Description automatically generated" class="wp-image-19618 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-3.png 1378w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-3-300x153.png 300w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-3-1024x522.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-3-768x392.png 768w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-3-600x306.png 600w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-3-945x482.png 945w" data-sizes="auto, (max-width: 1378px) 100vw, 1378px"></figure>



<p></p>



<figure class="wp-block-image"><img decoding="async" width="1724" height="1556" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201724%201556'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-4.png" alt="A screenshot of a computer program

Description automatically generated" class="wp-image-19619 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-4.png 1724w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-4-300x271.png 300w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-4-1024x924.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-4-768x693.png 768w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-4-1536x1386.png 1536w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-4-600x542.png 600w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-4-945x853.png 945w" data-sizes="auto, (max-width: 1724px) 100vw, 1724px"></figure>



<p>We need to run the command above to obtain a few details that might be useful to us</p>



<figure class="wp-block-image"><img decoding="async" width="1502" height="1156" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201502%201156'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-screen-description-aut-1.png" alt="A screenshot of a computer screen

Description automatically generated" class="wp-image-19620 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-screen-description-aut-1.png 1502w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-screen-description-aut-1-300x231.png 300w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-screen-description-aut-1-1024x788.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-screen-description-aut-1-768x591.png 768w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-screen-description-aut-1-600x462.png 600w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-screen-description-aut-1-945x727.png 945w" data-sizes="auto, (max-width: 1502px) 100vw, 1502px"></figure>



<figure class="wp-block-image"><img decoding="async" width="1250" height="564" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201250%20564'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-computer-program-desc.png" alt="A computer screen shot of a computer program

Description automatically generated" class="wp-image-19621 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-computer-program-desc.png 1250w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-computer-program-desc-300x135.png 300w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-computer-program-desc-1024x462.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-computer-program-desc-768x347.png 768w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-computer-program-desc-600x271.png 600w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-computer-program-desc-945x426.png 945w" data-sizes="auto, (max-width: 1250px) 100vw, 1250px"></figure>



<p>After a while, we managed to find the information required for the next attack</p>



<figure class="wp-block-image"><img decoding="async" width="1378" height="723" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201378%20723'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-44.png" alt="" class="wp-image-19622 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-44.png 1378w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-44-300x157.png 300w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-44-1024x537.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-44-768x403.png 768w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-44-600x315.png 600w, https://threatninja.net/wp-content/uploads/2024/07/word-image-19577-44-945x496.png 945w" data-sizes="auto, (max-width: 1378px) 100vw, 1378px"></figure>



<p>Sadly, we haven’t been provided useful to us.</p>



<figure class="wp-block-image"><img decoding="async" width="1866" height="1358" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201866%201358'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-program-description-a-1.png" alt="A computer screen shot of a program

Description automatically generated" class="wp-image-19623 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-program-description-a-1.png 1866w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-program-description-a-1-300x218.png 300w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-program-description-a-1-1024x745.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-program-description-a-1-768x559.png 768w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-program-description-a-1-1536x1118.png 1536w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-program-description-a-1-600x437.png 600w, https://threatninja.net/wp-content/uploads/2024/07/a-computer-screen-shot-of-a-program-description-a-1-945x688.png 945w" data-sizes="auto, (max-width: 1866px) 100vw, 1866px"></figure>



<p>At this point, the file cannot be executed properly at all</p>



<figure class="wp-block-image"><img decoding="async" width="2860" height="1416" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%202860%201416'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-1.png" alt="A screenshot of a computer

Description automatically generated" class="wp-image-19579 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-1.png 2860w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-1-300x149.png 300w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-1-1024x507.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-1-768x380.png 768w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-1-1536x760.png 1536w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-1-2048x1014.png 2048w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-1-600x297.png 600w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-1-945x468.png 945w" data-sizes="auto, (max-width: 2860px) 100vw, 2860px"></figure>



<p>However, we shouldn’t give up pretty easily and it pays off </p>



<figure class="wp-block-image"><img decoding="async" width="2226" height="512" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%202226%20512'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-2.png" alt="A screenshot of a computer

Description automatically generated" class="wp-image-19580 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-2.png 2226w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-2-300x69.png 300w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-2-1024x236.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-2-768x177.png 768w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-2-1536x353.png 1536w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-2-2048x471.png 2048w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-2-600x138.png 600w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-2-945x217.png 945w" data-sizes="auto, (max-width: 2226px) 100vw, 2226px"></figure>



<p>Let’s use the wpa_passphrase on this method which can be read more <a href="https://linux.die.net/man/8/wpa_passphrase">here</a></p>



<figure class="wp-block-image"><img decoding="async" width="1722" height="516" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201722%20516'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au.png" alt="A screenshot of a computer program

Description automatically generated" class="wp-image-19585 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au.png 1722w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-300x90.png 300w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-1024x307.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-768x230.png 768w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-1536x460.png 1536w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-600x180.png 600w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-program-description-au-945x283.png 945w" data-sizes="auto, (max-width: 1722px) 100vw, 1722px"></figure>



<p>After a while, we have found a configuration on the wlan0 information </p>



<figure class="wp-block-image"><img decoding="async" width="1258" height="860" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201258%20860'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-3.png" alt="A screenshot of a computer

Description automatically generated" class="wp-image-19586 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-3.png 1258w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-3-300x205.png 300w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-3-1024x700.png 1024w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-3-768x525.png 768w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-3-600x410.png 600w, https://threatninja.net/wp-content/uploads/2024/07/a-screenshot-of-a-computer-description-automatica-3-945x646.png 945w" data-sizes="auto, (max-width: 1258px) 100vw, 1258px"></figure>



<p>Let’s access the local connection as root</p>



<figure class="wp-block-image"><img decoding="async" width="1002" height="216" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201002%20216'%3E%3C/svg%3E" data-src="https://threatninja.net/wp-content/uploads/2024/07/a-black-screen-with-green-text-description-automa.png" alt="A black screen with green text

Description automatically generated" class="wp-image-19578 lazy" data-srcset="https://threatninja.net/wp-content/uploads/2024/07/a-black-screen-with-green-text-description-automa.png 1002w, https://threatninja.net/wp-content/uploads/2024/07/a-black-screen-with-green-text-description-automa-300x65.png 300w, https://threatninja.net/wp-content/uploads/2024/07/a-black-screen-with-green-text-description-automa-768x166.png 768w, https://threatninja.net/wp-content/uploads/2024/07/a-black-screen-with-green-text-description-automa-600x129.png 600w, https://threatninja.net/wp-content/uploads/2024/07/a-black-screen-with-green-text-description-automa-945x204.png 945w" data-sizes="auto, (max-width: 1002px) 100vw, 1002px"></figure>



<p>We can read the root flag by typing the “cat root.txt” command</p>
				</div>
						</div>
</article>
													<div class="xl-column-12">	
	<div id="comments" class="comments-area">
					<div id="respond" class="comment-respond">
		<h3 id="reply-title" class="comment-reply-title">Leave a Reply <small><a rel="nofollow" id="cancel-comment-reply-link" href="/hack-the-box-wifinetictwo-machine-walkthrough-medium-difficulty/#respond" style="display:none;">Cancel reply</a></small></h3><form action="https://threatninja.net/wp-comments-post.php" method="post" id="commentform" class="comment-form"><p class="comment-notes"><span id="email-notes">Your email address will not be published.</span> <span class="required-field-message">Required fields are marked <span class="required">*</span></span></p><p class="comment-form-comment"><label for="comment">Comment <span class="required">*</span></label> <textarea id="comment" name="comment" cols="45" rows="8" maxlength="65525" required></textarea></p><p class="comment-form-author"><label for="author">Name <span class="required">*</span></label> <input id="author" name="author" type="text" value="" size="30" maxlength="245" autocomplete="name" required /></p>
<p class="comment-form-email"><label for="email">Email <span class="required">*</span></label> <input id="email" name="email" type="email" value="" size="30" maxlength="100" aria-describedby="email-notes" autocomplete="email" required /></p>
<p class="comment-form-url"><label for="url">Website</label> <input id="url" name="url" type="url" value="" size="30" maxlength="200" autocomplete="url" /></p>
<p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes" /> <label for="wp-comment-cookies-consent">Save my name, email, and website in this browser for the next time I comment.</label></p>
<p class="form-submit"><input name="submit" type="submit" id="submit" class="submit" value="Post Comment" /> <input type='hidden' name='comment_post_ID' value='19577' id='comment_post_ID' />
<input type='hidden' name='comment_parent' id='comment_parent' value='0' />
</p><p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="fac64839a3" /></p><p style="display: none !important;" class="akismet-fields-container" data-prefix="ak_"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_1" name="ak_js" value="209"/><script  type="javascript/blocked" data-wpmeteor-type="text/javascript" >
/* <![CDATA[ */
document.getElementById( "ak_js_1" ).setAttribute( "value", ( new Date() ).getTime() );
/* ]]> */
</script>
</p></form>	</div><!-- #respond -->
		</div>
</div>	
			</div>
					</div>
	</div>
</section>
	<div class="footer-one">
			</div>
	</div>
	<!--===// Start: Footer =================================-->
		<footer id="footer-section" class="footer-one footer-section">
								<div class="footer-copyright">
						<div class="container-full">
							<div class="theme-columns-area">
																<div class="theme-column-12 av-md-column-12 text-center">
										<div class="widget-right">                          
											
											<div class="copyright-text">
												Copyright © 2026 Threatninja.net | Powered by Neom											</div>
										</div>
									</div>
															</div>
						</div>
					</div>
						</footer>
		<!-- End: Footer
		=================================-->

		<!-- Go To Top -->
					<button type=button class="scrollup">
				<i class="fa fa-arrow-up"></i>
			</button>
			</div>
	<script type="speculationrules">
{"prefetch":[{"source":"document","where":{"and":[{"href_matches":"/*"},{"not":{"href_matches":["/wp-*.php","/wp-admin/*","/wp-content/uploads/*","/wp-content/*","/wp-content/plugins/*","/wp-content/themes/neom-blogger/*","/wp-content/themes/neom-blog/*","/*\\?(.+)"]}},{"not":{"selector_matches":"a[rel~=\"nofollow\"]"}},{"not":{"selector_matches":".no-prefetch, .no-prefetch a"}}]},"eagerness":"conservative"}]}
</script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  id='kirki-viewport-lists'>var kirkiViewports = {"md":{"value":1200,"scale":1,"minWidth":1200,"maxWidth":1200,"title":"Desktop","icon":"desktop","activeIcon":"desktop-hover","id":"md","type":"max"},"tablet":{"value":991,"scale":1,"minWidth":991,"maxWidth":991,"title":"Tablet","icon":"tablet-default","activeIcon":"tablet-hover","type":"max","id":"tablet"},"mobileLandscape":{"value":767,"scale":1,"minWidth":767,"maxWidth":767,"title":"Landscape","icon":"phone-hr-default","activeIcon":"phone-hr-hover","type":"max","id":"mobileLandscape"},"mobile":{"value":575,"scale":1,"minWidth":575,"maxWidth":575,"title":"Mobile","icon":"phone-vr-default","activeIcon":"phone-vr-hover","type":"max","id":"mobile"}};</script><script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  id='kirki-variable-lists'>var kirkiCSSVariable = {"data":[{"title":"Colors","key":"color","modes":[{"title":"Default","key":"default"}],"variables":[]},{"title":"Numbers","key":"size","modes":[{"title":"Default","key":"default"}],"variables":[]},{"title":"Font Family","key":"font-family","modes":[{"title":"Default","key":"default"}],"variables":[]},{"title":"Text Styles","key":"text-style","modes":[{"title":"Default","key":"default"}],"variables":[]}]};</script><script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  id="kirki-api-and-nonce">
    window.wp_kirki = {
        ajaxUrl: "https://threatninja.net/wp-admin/admin-ajax.php",
        restUrl: "https://threatninja.net/wp-json/",
        siteUrl: "https://threatninja.net",
        apiVersion: "v1",
        postId: "19577",
        nonce: "11dfb4622b",
        call_from: "",
        templateId: "",
        context: {"id":19577,"type":"post"}
    };
    </script><script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shCore.js?ver=3.0.9b" id="syntaxhighlighter-core-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushAS3.js?ver=3.0.9b" id="syntaxhighlighter-brush-as3-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushArduino.js?ver=3.0.9b" id="syntaxhighlighter-brush-arduino-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushBash.js?ver=3.0.9b" id="syntaxhighlighter-brush-bash-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushColdFusion.js?ver=3.0.9b" id="syntaxhighlighter-brush-coldfusion-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/third-party-brushes/shBrushClojure.js?ver=20090602" id="syntaxhighlighter-brush-clojure-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushCpp.js?ver=3.0.9b" id="syntaxhighlighter-brush-cpp-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushCSharp.js?ver=3.0.9b" id="syntaxhighlighter-brush-csharp-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushCss.js?ver=3.0.9b" id="syntaxhighlighter-brush-css-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushDelphi.js?ver=3.0.9b" id="syntaxhighlighter-brush-delphi-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushDiff.js?ver=3.0.9b" id="syntaxhighlighter-brush-diff-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushErlang.js?ver=3.0.9b" id="syntaxhighlighter-brush-erlang-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/third-party-brushes/shBrushFSharp.js?ver=20091003" id="syntaxhighlighter-brush-fsharp-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushGo.js?ver=3.0.9b" id="syntaxhighlighter-brush-go-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushGroovy.js?ver=3.0.9b" id="syntaxhighlighter-brush-groovy-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushHaskell.js?ver=3.0.9b" id="syntaxhighlighter-brush-haskell-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushJava.js?ver=3.0.9b" id="syntaxhighlighter-brush-java-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushJavaFX.js?ver=3.0.9b" id="syntaxhighlighter-brush-javafx-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushJScript.js?ver=3.0.9b" id="syntaxhighlighter-brush-jscript-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/third-party-brushes/shBrushLatex.js?ver=20090613" id="syntaxhighlighter-brush-latex-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/third-party-brushes/shBrushMatlabKey.js?ver=20091209" id="syntaxhighlighter-brush-matlabkey-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/third-party-brushes/shBrushObjC.js?ver=20091207" id="syntaxhighlighter-brush-objc-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushPerl.js?ver=3.0.9b" id="syntaxhighlighter-brush-perl-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushPhp.js?ver=3.0.9b" id="syntaxhighlighter-brush-php-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushPlain.js?ver=3.0.9b" id="syntaxhighlighter-brush-plain-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushPowerShell.js?ver=3.0.9b" id="syntaxhighlighter-brush-powershell-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushPython.js?ver=3.0.9b" id="syntaxhighlighter-brush-python-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/third-party-brushes/shBrushR.js?ver=20100919" id="syntaxhighlighter-brush-r-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushRuby.js?ver=3.0.9b" id="syntaxhighlighter-brush-ruby-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushScala.js?ver=3.0.9b" id="syntaxhighlighter-brush-scala-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushSql.js?ver=3.0.9b" id="syntaxhighlighter-brush-sql-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushSwift.js?ver=3.0.9b" id="syntaxhighlighter-brush-swift-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushVb.js?ver=3.0.9b" id="syntaxhighlighter-brush-vb-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushXml.js?ver=3.0.9b" id="syntaxhighlighter-brush-xml-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushYaml.js?ver=3.0.9b" id="syntaxhighlighter-brush-yaml-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript" >
	(function(){
		var corecss = document.createElement('link');
		var themecss = document.createElement('link');
		var corecssurl = "https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/shCore.css?ver=3.0.9b";
		if ( corecss.setAttribute ) {
				corecss.setAttribute( "rel", "stylesheet" );
				corecss.setAttribute( "type", "text/css" );
				corecss.setAttribute( "href", corecssurl );
		} else {
				corecss.rel = "stylesheet";
				corecss.href = corecssurl;
		}
		document.head.appendChild( corecss );
		var themecssurl = "https://threatninja.net/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/shThemeDefault.css?ver=3.0.9b";
		if ( themecss.setAttribute ) {
				themecss.setAttribute( "rel", "stylesheet" );
				themecss.setAttribute( "type", "text/css" );
				themecss.setAttribute( "href", themecssurl );
		} else {
				themecss.rel = "stylesheet";
				themecss.href = themecssurl;
		}
		document.head.appendChild( themecss );
	})();
	SyntaxHighlighter.config.strings.expandSource = '+ expand source';
	SyntaxHighlighter.config.strings.help = '?';
	SyntaxHighlighter.config.strings.alert = 'SyntaxHighlighter\n\n';
	SyntaxHighlighter.config.strings.noBrush = 'Can\'t find brush for: ';
	SyntaxHighlighter.config.strings.brushNotHtmlScript = 'Brush wasn\'t configured for html-script option: ';
	SyntaxHighlighter.defaults['collapse'] = true;
	SyntaxHighlighter.defaults['light'] = true;
	SyntaxHighlighter.defaults['pad-line-numbers'] = false;
	SyntaxHighlighter.all();

	// Infinite scroll support
	if ( typeof( jQuery ) !== 'undefined' ) {
		jQuery( function( $ ) {
			$( document.body ).on( 'post-load', function() {
				SyntaxHighlighter.highlight();
			} );
		} );
	}
</script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  id="essential-blocks-blocks-localize-js-extra">
/* <![CDATA[ */
var eb_conditional_localize = [];
var EssentialBlocksLocalize = {"eb_plugins_url":"https://threatninja.net/wp-content/plugins/essential-blocks/","image_url":"https://threatninja.net/wp-content/plugins/essential-blocks/assets/images","eb_wp_version":"6.9","eb_version":"6.1.0","eb_admin_url":"https://threatninja.net/wp-admin/","rest_rootURL":"https://threatninja.net/wp-json/","ajax_url":"https://threatninja.net/wp-admin/admin-ajax.php","nft_nonce":"8950b670ad","post_grid_pagination_nonce":"4dd5b461c4","placeholder_image":"https://threatninja.net/wp-content/plugins/essential-blocks/assets/images/placeholder.png","is_pro_active":"false","upgrade_pro_url":"https://essential-blocks.com/upgrade","responsiveBreakpoints":{"tablet":1024,"mobile":767},"wp_timezone":"Asia/Kuala_Lumpur","gmt_offset":"8"};
//# sourceURL=essential-blocks-blocks-localize-js-extra
/* ]]> */
</script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/essential-blocks/assets/js/eb-blocks-localize.js?ver=31d6cfe0d16ae931b73c" id="essential-blocks-blocks-localize-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/themes/neom-blog/assets/js/jquery.ripples.min.js?ver=6.9.4" id="jquery-ripples-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/themes/neom-blog/assets/js/isotope.pkgd.js?ver=6.9.4" id="isotope-min-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/themes/neom-blog/assets/js/jquery.countdown.min.js?ver=6.9.4" id="countdown-min-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/themes/neom-blog/assets/js/jquery.counterup.min.js?ver=6.9.4" id="counterup-min-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/themes/neom-blog/assets/js/jquery.magnific-popup.min.js?ver=6.9.4" id="magnific-popup-min-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/themes/neom-blog/assets/js/imagesloaded.min.js?ver=6.9.4" id="imagesloaded-min-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/themes/neom-blog/assets/js/masonry.min.js?ver=6.9.4" id="masonry-min-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/themes/neom-blog/assets/js/anime.min.js?ver=6.9.4" id="anime-min-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/themes/neom-blog/assets/js/wow.min.js?ver=6.9.4" id="wow-min-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/themes/neom-blog/assets/js/theme.min.js?ver=6.9.4" id="neom-theme-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/themes/neom-blog/assets/js/pro.js?ver=6.9.4" id="neom-pro-js-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/themes/neom-blog/assets/js/custom.js?ver=6.9.4" id="neom-custom-js-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-includes/js/comment-reply.min.js?ver=6.9.4" id="comment-reply-js" async="async" data-wp-strategy="async" fetchpriority="low"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  id="q2w3_fixed_widget-js-extra">
/* <![CDATA[ */
var q2w3_sidebar_options = [{"use_sticky_position":false,"margin_top":0,"margin_bottom":0,"stop_elements_selectors":"","screen_max_width":0,"screen_max_height":0,"widgets":[]}];
//# sourceURL=q2w3_fixed_widget-js-extra
/* ]]> */
</script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/q2w3-fixed-widget/js/frontend.min.js?ver=6.2.3" id="q2w3_fixed_widget-js"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/code-block-pro/build/front/front.js?ver=897e78bb623a899126f1" id="kevinbatdorf-code-block-pro-view-script-js" data-wp-strategy="defer"></script>
<script  type="javascript/blocked" data-wpmeteor-type="text/javascript"  id="kevinbatdorf-code-block-pro-view-script-js-after">
/* <![CDATA[ */
window.codeBlockPro = {"pluginUrl":"https:\/\/threatninja.net\/wp-content\/plugins\/code-block-pro\/"};
//# sourceURL=kevinbatdorf-code-block-pro-view-script-js-after
/* ]]> */
</script>
<script  defer type="javascript/blocked" data-wpmeteor-type="text/javascript"  data-wpmeteor-src="https://threatninja.net/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1777109088" id="akismet-frontend-js"></script>
<script id="wp-emoji-settings" type="application/json">
{"baseUrl":"https://s.w.org/images/core/emoji/17.0.2/72x72/","ext":".png","svgUrl":"https://s.w.org/images/core/emoji/17.0.2/svg/","svgExt":".svg","source":{"concatemoji":"https://threatninja.net/wp-includes/js/wp-emoji-release.min.js?ver=6.9.4"}}
</script>
<script  type="javascript/blocked" data-wpmeteor-type="module" >
/* <![CDATA[ */
/*! This file is auto-generated */
const a=JSON.parse(document.getElementById("wp-emoji-settings").textContent),o=(window._wpemojiSettings=a,"wpEmojiSettingsSupports"),s=["flag","emoji"];function i(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function c(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0);const a=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);return t.every((e,t)=>e===a[t])}function p(e,t){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var n=e.getImageData(16,16,1,1);for(let e=0;e<n.data.length;e++)if(0!==n.data[e])return!1;return!0}function u(e,t,n,a){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\udde8\ud83c\uddf6","\ud83c\udde8\u200b\ud83c\uddf6")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!a(e,"\ud83e\u1fac8")}return!1}function f(e,t,n,a){let r;const o=(r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):document.createElement("canvas")).getContext("2d",{willReadFrequently:!0}),s=(o.textBaseline="top",o.font="600 32px Arial",{});return e.forEach(e=>{s[e]=t(o,e,n,a)}),s}function r(e){var t=document.createElement("script");t.src=e,t.defer=!0,document.head.appendChild(t)}a.supports={everything:!0,everythingExceptFlag:!0},new Promise(t=>{let n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),c.toString(),p.toString()].join(",")+"));",a=new Blob([e],{type:"text/javascript"});const r=new Worker(URL.createObjectURL(a),{name:"wpTestEmojiSupports"});return void(r.onmessage=e=>{i(n=e.data),r.terminate(),t(n)})}catch(e){}i(n=f(s,u,c,p))}t(n)}).then(e=>{for(const n in e)a.supports[n]=e[n],a.supports.everything=a.supports.everything&&a.supports[n],"flag"!==n&&(a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&a.supports[n]);var t;a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&!a.supports.flag,a.supports.everything||((t=a.source||{}).concatemoji?r(t.concatemoji):t.wpemoji&&t.twemoji&&(r(t.twemoji),r(t.wpemoji)))});
//# sourceURL=https://threatninja.net/wp-includes/js/wp-emoji-loader.min.js
/* ]]> */
</script>

</body>
</html>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/?utm_source=w3tc&utm_medium=footer_comment&utm_campaign=free_plugin

Lazy Loading

Served from: threatninja.net @ 2026-05-07 02:52:54 by W3 Total Cache
-->
Threatninja.net

Threatninja.net
