🐧CyberSploit1

192.168.84.92

Enumeration

nmap 192.168.84.92 -p- -sV

Port 22

Banner grab.

Port 80

Found at site source code at 192.168.84.92

Robots.txt

Converted from Base64 : cybersploit{youtube.com/c/cybersploit}

Nikto scan

nikto -h http://192.168.84.92/ -C all

Shell

Had to get a hint and cybersploit{youtube.com/c/cybersploit} is the ssh password.

Did not find anything interesting looking through the files. Grabbed and ran Linpeas.

Tried CVE-2018-13665, unsuccessful. Using CVE-2015-8660 from https://www.exploit-db.com/exploits/37292

Copied the code.

touch exploit.c #made file for exploit.
nano exploit.c #paste code from exploit into file and saved.
gcc exploit.c #compiled exploit
./a.out #ran exploit

Root

PreviousMoneyBox NextWpawn

Last updated 2 years ago

Was this helpful?