CyberSploit1
nmap
(base) [psdon@arch CyberSploit1]$ mkdir nmap
(base) [psdon@arch CyberSploit1]$ sudo rustscan -a 192.168.217.92 --ulimit 5000 -t 2000 -- -T4 -A -oA nmap/all-ports-service-scan
.----. .-. .-. .----..---. .----. .---. .--. .-. .-.
| {} }| { } |{ {__ {_ _}{ {__ / ___} / {} \ | `| |
| .-. \| {_} |.-._} } | | .-._} }\ }/ /\ \| |\ |
`-' `-'`-----'`----' `-' `----' `---' `-' `-'`-' `-'
The Modern Day Port Scanner.
________________________________________
: https://discord.gg/GFrQsGy :
: https://github.com/RustScan/RustScan :
--------------------------------------
Real hackers hack time β
[~] The config file is expected to be at "/root/.rustscan.toml"
[~] Automatically increasing ulimit value to 5000.
Open 192.168.217.92:22
Open 192.168.217.92:80
A web server on port 80 is open

Let's check the source code of the page, where we can find a possible username.

Let's also check robots.txt; as you can see, we have found a base64-encoded string.

We can decode it by executing the following command
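Added example, not part of the original writeup: the same finding seen from the defender's side, a heuristic check that flags base64 tokens in a published file such as robots.txt when they decode to readable text. The function name, the 12-character threshold and the sample file contents are assumptions made for this example.

```python
import base64
import binascii
import re
import string

# A run of 12+ base64-alphabet characters with optional padding,
# not embedded in a longer run (threshold is an assumption).
B64_TOKEN = re.compile(
    r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{12,}={0,2}(?![A-Za-z0-9+/=])"
)
PRINTABLE = set(string.printable) - set("\x0b\x0c")


def find_encoded_strings(text):
    """Return (line_no, token, decoded) for tokens that decode to readable text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in B64_TOKEN.finditer(line):
            token = match.group(0)
            if len(token) % 4 != 0:
                continue  # not a whole number of 4-character base64 groups
            try:
                decoded = base64.b64decode(token, validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                continue  # ordinary path or word, not encoded text
            if decoded and all(ch in PRINTABLE for ch in decoded):
                findings.append((line_no, token, decoded))
    return findings


# Constructed sample: a robots.txt with an encoded value left in a comment.
SECRET = "constructed-sample-secret"
SAMPLE_ROBOTS = (
    "User-agent: *\n"
    "Disallow: /administrator/components/\n"
    "# " + base64.b64encode(SECRET.encode()).decode() + "\n"
)

if __name__ == "__main__":
    for line_no, token, decoded in find_encoded_strings(SAMPLE_ROBOTS):
        print(f"robots.txt:{line_no}: {token} decodes to {decoded!r}")
```

Base64 is an encoding, not encryption, so any value flagged this way should be treated as published in clear text and rotated.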
Exploitation
Let's try to log in with the username itsskv, using the decoded string as the password.
Looks like we have successfully gained an initial shell. Sweet :D
Post Exploitation
First, let's transfer linpeas.sh from our machine to the target machine
You can find the machine IP address by executing the following.
Then transfer the script using wget
And now we can run linpeas.sh
Right off the bat, you can see the version of the Linux kernel it is running.

We can check this Linux kernel version with searchsploit, and I found out it is vulnerable to the overlayfs exploit.

Privilege Escalation
Let's mirror the exploit to our current working directory, and copy the content of the file to the clipboard

And paste it to the target machine

We can compile the C source code using the gcc binary installed on the target machine. Right after running the exploit, we got root on the target machine.

Thanks, and enjoy! :D