๐ŸงWalla

IP: 192.168.116.97

Enumeration

Nmap scan

nmap  -p- 192.168.116.97 -sV -A

The only port that stands out on this machine is 8091. Found that this page is running RaspAP. Found that a quick google for RaspAP default credentials gets me into the site. admin:secret.

Found a nice console๐Ÿ˜ˆ

Shell

Tried a few shells and one came through.

Dropped Linpeas on this machine and ran it. Interesting service we can edit.

Added a reverse shell script so when the service was ran it would spawn a shell. But no way to reboot the machine or restart the service.

Sudo -l

wifi_reset.py is missing the wificontroller.py module.

Made the module. Echoed reverse shell into wificontroller.py

Ran script.

Root

Last updated