Stuntman Mike

Nmap Result shows ssh and splunk service on 8089

Looked in to Splunk app but it's a deadend (call it a rabbit hole😩)

decided to play around with the ssh since I have no credential yet and I was greeted by a name revealing message, thanks Mike. We also got a flag.

Since we have a user make, whuy not brute force the password with rockyou.tx and see where it lead.

Yup, leads to a valid password

first instinct for privilege escalation is to try the sudo -l command which shows us all the privileged commands we can run on a machine, and in this case, ALL commands.

Easy peasy😒