WDavid404 / PG-Box

PG box walkthrough note

Press (Intermediate) #41

Open WDavid404 opened 1 month ago

WDavid404 commented 1 month ago

Keypoints:

WDavid404 commented 1 month ago
PORT      STATE    SERVICE        REASON         VERSION
22/tcp    open     ssh            syn-ack ttl 61 OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
80/tcp    open     http           syn-ack ttl 61 Apache httpd 2.4.56 ((Debian))
8089/tcp  open     http           syn-ack ttl 61 Apache httpd 2.4.56 ((Debian))
|_http-generator: FlatPress fp-1.2.1
|_http-server-header: Apache/2.4.56 (Debian)

80/tcp ---> Design: TemplateMo

8089/tcp --> FlatPress. Search for exploit info about FlatPress -->

In the source code of http://192.168.221.29:8089/index.php/2023/06/17/welcome-to-flatpress/ --> Flatpress 1.2.1

But to use the exploits, we need to have a username and password. Tried admin:password on /admin.php ---> succeeded!

Based on the instructions in the exploit "Flatpress 1.2.1 - File upload bypass to RCE Vulnerability", we got a reverse shell successfully.

sudo -l -->

Refer to https://gtfobins.github.io/gtfobins/apt-get/
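
A defender-side check for the sudo step above, as an added example that is not part of the original note: it reads `sudo -l` output and flags rules that allow package-manager binaries. It assumes the `sudo -l` output listed apt-get, as the GTFOBins link suggests; the sample output, the user and host names, and the `RISKY` list are constructed.

```shell
#!/bin/sh
# Added example (not from the original note): audit `sudo -l` output for
# rules that allow package-manager binaries. RISKY is an assumed,
# non-exhaustive list; apt-get is the binary the note points to.
RISKY="apt apt-get dpkg"

# Constructed sample; user name, host name and rules are illustrative.
SAMPLE_SUDO_L='Matching Defaults entries for www-data on debian:
    env_reset, mail_badpass

User www-data may run the following commands on debian:
    (ALL) NOPASSWD: /usr/bin/apt-get
    (root) /usr/bin/systemctl status apache2, /usr/bin/dpkg -l'

# Reads `sudo -l` output on stdin and prints one line per risky rule:
#   <runas> <NOPASSWD|PASSWD> <command path>
audit_sudo_rules() {
  awk -v risky="$RISKY" '
    BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
    # Rule lines start with a runas spec, e.g. "(ALL : ALL) NOPASSWD: /path"
    /^[ \t]*\(/ {
      line = $0
      sub(/^[ \t]*/, "", line)
      close_at = index(line, ")")
      runas = substr(line, 1, close_at)
      gsub(/ /, "", runas)
      rest = substr(line, close_at + 1)
      tag = (rest ~ /NOPASSWD:/) ? "NOPASSWD" : "PASSWD"
      gsub(/[A-Z_]+:/, "", rest)        # drop tags such as NOPASSWD: or SETENV:
      m = split(rest, cmds, ",")
      for (j = 1; j <= m; j++) {
        cmd = cmds[j]
        sub(/^[ \t]+/, "", cmd)
        split(cmd, words, /[ \t]+/)
        path = words[1]                 # arguments after the path are ignored
        k = split(path, parts, "/")
        base = parts[k]
        # A bare ALL grants every command, so it covers the risky ones too.
        if (base in bad || path == "ALL") print runas, tag, path
      }
    }
  '
}

printf '%s\n' "$SAMPLE_SUDO_L" | audit_sudo_rules
```

On a real host, pipe `sudo -l -U <user>` into `audit_sudo_rules` for each service account and review every line it prints.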