Mercury Vulnhub Machine

This project involved exploiting the Mercury machine from VulnHub to gain user and root access. The process included reconnaissance to identify open ports, web enumeration to discover hidden subdirectories and vulnerabilities, and SQL injection using sqlmap to extract sensitive data from the database. Using an admin token, we accessed restricted parts of the website, eventually retrieving the user flag.

For privilege escalation, we exploited a base64-encoded password to gain access to the linuxmaster user. We then identified a vulnerable script running with sudo permissions and used symlink exploitation to gain root access and retrieve the root flag.

The goal of this project was to demonstrate skills in SQL injection, privilege escalation, and symlink exploitation, showcasing techniques for penetration testing and vulnerability exploitation.

Screenshots