192.168.129.89
Nmap scan
nmap -sV -p- 192.168.129.89 -A
Wpscan
Worpress Login Page : http://192.168.129.89/wp-login.phparrow-up-right
Found Secret.txt through Robots.txt
The base64 decodes to a private id_rsa key.
Using the id_rsa key and the OSCP user name found on port 80. I get a shell.
Dropped Linpeas on this machine and ran.
Intersting bash binary that has suid but unable to get root privileges with it.
Had to look at a hint.
Had tried to escalate privileges with /usr/bin/bash as I saw that it was had suid. But did not know about the -p that needed to be added.
Source : https://stackoverflow.com/questions/63689353/suid-binary-privilege-escalationarrow-up-right
Template partially from 0xC0FFEE https://notes.benheater.com
Last updated 3 years ago
wpscan --url http://192.168.129.89:80/
