🐧Solstice

192.168.234.72

Enumeration

Nmap scan

nmap 192.168.234.72 -sV -A -Pn -p-

Port 21

FTP does not allow anonymous login.

Port 22

Banner Grab

Port 25

Nmap Vuln Scan

Port 80

After lots of searching I found this.

Dirbuster Scan

Port 2121

FTP on this port does allow anonymous login but no files are found just a folder. With sticky perms.

Port 3128

Dirbuster

Port 8593

Dirbuster Scan

Lots of files in http://192.168.234.72:8593/index.html

Found that index.php takes a parameter. Possible exploit.

Port 54787

Did not find a lot about this port only had an index.php page.

Port 8593 - Revisited

Testing the book parameter. Found that this is vulnerable to Local File Inclusion.

This is where I got stuck for a few hours. I had to get a hint. After looking at a write up then doing much research on the exploit I was able to continue. Added notes about Apache to https://notes.aesirsec.io/web-apps/apache Will continue this box when I have more time I was able to get a shell but this box keeps crashing on me.

python -c 'import pty; pty.spawn("/bin/bash")'