Отцы-основатели (Founding Fathers)

hackerlab

Task: WordPress 6.5.2 with My Calendar 3.4.21 plugin and SSH on Ubuntu. Solution: CVE-2023-6360 unauthenticated time-based blind SQLi to extract wp_users hashes → crack phpass with rockyou → SSH as mansory → sudo wildcard path traversal to read /root/last_part.

sqli path_traversal password_cracking ssh wordpress privilege_escalation time_based_blind my_calendar phpass sudo_wildcard cve_2023_6360

wordpress_rest_api_user_enumerationcve_2023_6360_sqlitime_based_blind_sqli_binary_searchphpass_hash_cracking_rockyousudo_wildcard_path_traversal

$ ls tags/ techniques/

sqli path_traversal password_cracking ssh wordpress privilege_escalation time_based_blind my_calendar phpass sudo_wildcard cve_2023_6360

wordpress_rest_api_user_enumerationcve_2023_6360_sqlitime_based_blind_sqli_binary_searchphpass_hash_cracking_rockyousudo_wildcard_path_traversal

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[pentest][Pro]Искатель— hackerlab
[infra][Pro]Возрождение (Rebirth)— hackerlab
[infra][Pro]Логово хакера (Hacker's Lair)— hackerlab
[infra][Pro]Скрипт-кидди (Script-kiddie)— hackerlab
[infra][Pro]Основа (Foundation)— hackerlab