Traceback was the first machine I did return back to HackTheBox. Just fresh off my OSCP journey I wanted to do a refresher. I started by running Autorecon:
Looked up Xh4H and web shell. Logged in with admin/admin
Dashboard of the SMEVK.php shell.
Created myself a Public Key:
Luvit was running sysadmin privs. Executed a Shell –
Added myself to authorized keys under sysadmin.
Snapshot of LinPEAS showing MOTD is being run by group sysadmin
Noticed this was the header files when logging into SSH.
Logged out of SSH and logged back in:
Captured the root flag upon logging back into ssh.