THE PLANETS: MERCURY Walkthrough - VulnHub
Introduction Getting back to CTF solving after a looong break, is a difficult task. So, I decided to proceed with an EASY challenge, and VulnHub was the obvious choice to find the one. In few searches, I found a perfect machine to start with - 'The Planets: Mercury' . This boot2root machine had 2 flags: USER & ROOT. The USER flag can be obtained by SQLi ==> Creds ==> SSH ==> FLAG . The ROOT flag is were an interesting PrivEsc lie in. Hope you find this writeup interesting & useful! Information Gathering Port Scan: Nmap To begin with reconnaissance, let's find out open ports with Nmap, with service version enumerations: Port 8080 So this looks like a simple page with no secrete or hint. Let's try accessing some common directories: Visiting ' admin ' directory, we got the error page. This happened as the site is built on Django with Debug set to True . Luckily for us, the URL Configuration is being reflected on error page. Let'