infraProhard

Подземелье (Dungeon)

hackerlab

Task: Pentest machine with Pluck CMS 4.7.13 on web and SSH service. Solution: Brute force CMS password, exploit CVE-2020-29607 for RCE, find base64-encoded SSH credentials, escalate to root via SUID cp binary to overwrite /etc/passwd.

web_shell ssh privilege_escalation pluck_cms cve_2020_29607 password_bruteforce file_upload_rce suid_exploitation base64_credentials etc_passwd_manipulation

$ ls tags/ techniques/

web_shell ssh privilege_escalation pluck_cms cve_2020_29607 password_bruteforce file_upload_rce suid_exploitation base64_credentials etc_passwd_manipulation

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ cat writeup.md…

Sign in to access full writeups

Sign in to access full writeups

Similar writeups