Sar is a very small machine centered around a vulnerable sar2HTML installation that provides RCE.
Target: Sar
Initial vector: sar2HTML 3.2.1 RCE
Privilege escalation: (lab‑dependent, not fully explored here)
/robots.txt reveals:
/sar2HTML
Nmap http-enum also finds:
/phpinfo.php /sar2HTML (case sensitive)
Version:
sar2HTML 3.2.1
Use the public exploit:
https://github.com/AssassinUKG/sar2HTML/blob/main/sar2HTMLshell.py
Example usage:
$ python3 exploit.py -ip 192.168.226.35/sar2HTML
In this lab environment, reverse connections were unstable, but the intended path is to obtain a shell via the sar2HTML RCE and then proceed with standard Linux enumeration and privilege escalation.