Matsudo Writeup
Step into the shoes of a penetration tester and tackle this realistic SSH-based challenge. This server might look secure from the outside, but weak credentials and dangerous sudo configurations could be your ticket to complete system compromise. 🎯 Master the art of reconnaissance, brute-force attacks, and privilege escalation in this hands-on Linux exploitation scenario
Link to Lab: https://hackerdna.com/labs/matsudo
-
USER FLAG
-
Ran NMAP on Target IP

- Connected to SSH using Anonymous Credentials
- Saw that owner of servers name is Charlie
- Could not connect via anonymous any further
- Use Hydra to Brute-Force SSH Password
- `hydra -l [username] -P [path_to_wordlist] ssh://[target_ip]
- User Name: charlie
- PW: ?????
- `hydra -l [username] -P [path_to_wordlist] ssh://[target_ip]
- SSH into system using credentials
- Search system for user flag and enter into portal
-
ROOT FLAG
- Ran
sudo -lto see user permissions on device- User has access to Sudo Edit
- Use permissions to edit Sudoers file and give user root access
- Edit /etc/sudoers using sudoedit
sudoedit Sudoers
- Add proper permissions for user in user access section
charlie=(ALL) NOPASSWD:ALL
- Edit /etc/sudoers using sudoedit
- Check to see if root escalation worked
sudo su -whoami=root
- Located root flag and submit to portal
- Ran