🐧SoSimple

192.168.90.78

Enumeration

Nmap scan

nmap 192.168.90.78 -p- -sV -Pn -A

Port 22

No banner

Port 80

Running wpscan found that wordpress had vulnerable Social Warfare plugin installed. Source: https://github.com/shad0w008/social-warfare-RCEarrow-up-right

Shell

Had a shell.. Box timed out... Thanks Offsec. New IP 192.168.105.78

Upgraded shell

Found max's ssh key in /home/max/.ssh/id_rsa. SSH back in as max.

Max's sudo perms.

Was able to switch user's to steven.

Found that /opt/tools/server-health.sh did not exist. Made the directories then made the reverse shell.

Ran server-health.sh as root using.

Root

Did not have to use a write up or hint to root this box.

Last updated