🐧Exfiltrated

IP: 192.168.116.163

Enumeration

Nmap scan

nmap -sV -p- 192.168.116.163 -A

Port 80

Had to add 192.168.116.163 exfiltrated.offsec to /etc/hosts

Dirbuster scan

Robots.txt

Found at /panel/

Admin:Admin allows me to log in here.

Found this CMS has known exploits.

Webshell

Shell

Getting a normal shell.

Stabilized shell.

Dropped and ran LinPEAS on the machine. Found an interesting cron job.

After about an hour I had to get a hint here. I could not figure out how to get the exif data into a jpg.

https://github.com/OneSecCyber/JPEG_RCE

Was able to add a reverse shell to the jpg file.

Re-uploaded through admin panel.

Root

And a minute later when the cron job ran.
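
The escalation above works because a root cron job processes files that the web user can upload. The following audit is an added example, not part of the original writeup: it flags root entries in /etc/crontab format whose command line references a directory the web application can write to. The crontab lines, script names and directory paths are constructed assumptions.

```python
import shlex

# Constructed sample in /etc/crontab format: schedule, user, command.
SAMPLE_CRONTAB = """\
# m h dom mon dow user command
PATH=/usr/sbin:/usr/bin:/sbin:/bin
17 * * * * root cd / && run-parts --report /etc/cron.hourly
* * * * * root bash /opt/image-check.sh /var/www/html/uploads
*/5 * * * * www-data php /var/www/html/cron.php
@reboot root /usr/local/bin/startup.sh
"""

# Assumption: directories an unprivileged web user can write to on this host.
WEB_WRITABLE = ("/var/www/html/uploads", "/tmp")


def parse_system_crontab(text):
    """Yield (schedule, user, command) for each job line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # "@reboot"-style schedules use one field, classic schedules use five.
        n = 1 if fields[0].startswith("@") else 5
        if len(fields) < n + 2:
            continue  # environment assignment or malformed line
        yield " ".join(fields[:n]), fields[n], " ".join(fields[n + 1:])


def risky_root_jobs(text, writable=WEB_WRITABLE):
    """Return root jobs whose arguments point into a web-writable directory."""
    findings = []
    for schedule, user, command in parse_system_crontab(text):
        if user != "root":
            continue
        try:
            tokens = shlex.split(command)
        except ValueError:
            tokens = command.split()
        hits = sorted({d for d in writable for t in tokens
                       if t == d or t.startswith(d.rstrip("/") + "/")})
        if hits:
            findings.append({"schedule": schedule, "command": command,
                             "writable_paths": hits})
    return findings


if __name__ == "__main__":
    for finding in risky_root_jobs(SAMPLE_CRONTAB):
        print(finding)
```

The check only sees paths on the cron command line, so scripts that hard-code an upload directory internally still need a manual read.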
