richnadeau
commented
2 years ago Spun up a CentOS 7 VM today and configured it onto Foster's Workstation network. Started installing services needed to configure and run this exploit.
Closed richnadeau closed 2 years ago
richnadeau
commented
2 years ago Spun up a CentOS 7 VM today and configured it onto Foster's Workstation network. Started installing services needed to configure and run this exploit.
richnadeau
commented
2 years ago Had to switch vulnerabilities as we want more of an attack that will give the ethical attacker admin access to the target server rather than just the web app. We have now started research and configuration for this exploit on a Windows Server which would allow remote code injection onto the server. We have not gotten it to work yet which is why we don't have a video demo of our environment yet. We met yesterday to start researching/configuring the environment and will again meet tomorrow to try and get this vulnerability up and running on the target server, we have plenty of back up vulnerabilities that I will try to install this weekend on my personal VM environment if we do not make any progress.
Here are some more references we are using to troubleshoot setting up this exploit.
richnadeau
commented
2 years ago The phpMyAdmin exploit was a success but now we are trying to figure out how we can make this exploit give root access as well as what naming conventions we can use for the hostname. Also, need to polish things up a little bit.
richnadeau
commented
2 years ago Polished up server, cleared history, and set the hostname to "nancurunir" to make it match the storyboard. Made VM compatible with VMware 15.x and exported to OVF to send to Devin. Shared with him Zipped file with OVF on Google Drive.
Creation and configuration of Target Server 1 needs to be completed. Richie Nadeau (me) will be assigned to this task.