Suid

  • Published on
    A Raspberry Pi device running Pi-hole, which still had default credentials. Once a foothold was obtained, root was a simple sudo -l.
  • Published on
    Eventually landed upon finding SQLi on /room.php?cod=, so we dumped the databases with sqlmap. Foothold was a simple phpMyAdmin credential login, followed by a phpMyAdmin 4.8.0 exploit to gain a shell. Root was obtained by exploiting root.service.