
NETWORK

ENUMERATION

FOOTHOLD
We have found a login page, but we are not able to bypass the login form via the web. However, trying our list of default credentials (https://tutorials-raspberrypi.com/raspberry-pi-default-login-password/) against SSH, we get a hit.



PRIV ESCALATION
While on the box, sudo -l reveals that we can run sudo without needing a password. We then use sudo to get access to the root account.
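
A defender-side check for the misconfiguration described above, as an added example that is not part of the original write-up: it scans sudoers-format text for rules that grant sudo without a password. The function names, user names and sample rules are constructed for illustration, and #include directives are not followed.

```sh
#!/bin/sh
# Added example: flag sudoers rules that grant passwordless sudo.
# Reads sudoers-format text on stdin and prints one line per finding:
#   <who> <severity> <commands>
# severity is CRITICAL when the passwordless command list contains ALL.
audit_nopasswd() {
    awk '
    # Join lines ending in a backslash (sudoers line continuation).
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
    { line = buf $0; buf = "" }
    # Skip blank lines, comments and directives that are not user rules.
    line ~ /^[ \t]*#/ || line ~ /^[ \t]*$/ { next }
    line ~ /^[ \t]*(Defaults|User_Alias|Runas_Alias|Host_Alias|Cmnd_Alias)/ { next }
    index(line, "NOPASSWD:") {
        split(line, f, /[ \t]+/)
        who = (f[1] == "" ? f[2] : f[1])   # tolerate leading whitespace
        cmds = line
        sub(/.*NOPASSWD:[ \t]*/, "", cmds)
        # Normalise the command list so that ALL can be matched as one item.
        t = "," cmds ","
        gsub(/[ \t]+/, "", t)
        sev = index(t, ",ALL,") ? "CRITICAL" : "REVIEW"
        print who, sev, cmds
    }'
}

# Constructed sample input (hypothetical users, not taken from the box).
sample_sudoers() {
    cat <<'EOF'
# constructed sample
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
deploy  ALL=(ALL) NOPASSWD: ALL
backup  ALL=(root) NOPASSWD: \
        /usr/bin/rsync, /bin/tar
# olduser ALL=(ALL) NOPASSWD: ALL
EOF
}

sample_sudoers | audit_nopasswd
```

On a real host the input would be the contents of /etc/sudoers and the files under /etc/sudoers.d, read as root.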

CAPTURE FLAG


Let’s first see which device is mounted at /media/usbstick

Now we can retrieve the information using the following command:
cat /dev/sdb
