Nmap Output:

 

 

Since we do not have any user information, we can go directly to the website. :D

 

 

strange program greets us on the home page. We see that when we give encrypted Python code with the Brainfuck method, it runs.

 

 

Then the thing to do is simple.

 

 

Let's encode our Python reverse shell code with brainfuck and listen to our port.

 

 

Done.

 

 

we got our user flag.

 

 

 

getcap / -r 2>/dev/null

this command used to check the capabilities of files and directories.

 

openssl?

 

The openssl vulnerability I found by searching the internet is as follows.

 

 

this code when executed, changes the user ID of the process to root and then starts a new shell session ("/bin/sh").

 

 

sudo gcc -fPIC -o a.o engine.c & gcc -shared -o engine.so -lcrypto a.o

 

this command compiles the C source code, engine.c, into an object file (a.o) and then creates a shared library (engine.so) from that object file. The shared library can be used by other programs to access its functionality

 

 

After giving permission to run, let's run our suid (0) code and become root.