10 May 2021

Pentesting Fun Stuff

following the cyber security path…

Digitalworld.local: JOY


nmap scan for open ports + services



Downloading all files


Reading all the files

The file version_control seems interesting.
From the SMB enumeration we know there is a user ftp.
So copying this file from the home folder of patrick to the home folder of ftp should work.

There are several known exploits to be found on the internet.
This is the one I’m using: https://github.com/t0kx/exploit-CVE-2015-3306
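CVE-2015-3306 lets a client issue the SITE CPFR and SITE CPTO commands of ProFTPD's mod_copy without logging in, which is what makes the copy described above possible. As an added example (not part of the original post or the linked repository), this Python detector flags such pre-authentication copies in an FTP command log; the log layout, the function name and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed layout: <session-id> <client-ip> "<command line>" <reply-code>
LINE_RE = re.compile(r'^(?P<sid>\S+) (?P<ip>\S+) "(?P<cmd>[^"]*)" (?P<code>\d{3})$')

# Constructed sample log (documentation IPs, made-up paths).
SAMPLE_LOG = """\
4101 192.0.2.10 "USER anonymous" 331
4101 192.0.2.10 "PASS (hidden)" 230
4101 192.0.2.10 "SITE CPFR /upload/a.txt" 350
4101 192.0.2.10 "SITE CPTO /upload/b.txt" 250
4102 192.0.2.66 "SITE CPFR /home/alice/notes.txt" 350
4102 192.0.2.66 "SITE CPTO /home/ftp/notes.txt" 250
4103 192.0.2.77 "USER bob" 331
4103 192.0.2.77 "PASS (hidden)" 530
4103 192.0.2.77 "SITE CPFR /srv/data/report.txt" 350
4103 192.0.2.77 "SITE CPTO /home/ftp/report.txt" 550
garbage line that does not parse
"""

def find_unauth_copies(log_text):
    """Return SITE CPFR/CPTO copy attempts made by sessions that never logged in."""
    authed = set()   # sessions that received 230 in reply to PASS
    pending = {}     # session id -> source path named by the last CPFR
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed layout
        sid, ip, code = m["sid"], m["ip"], m["code"]
        parts = m["cmd"].split(None, 2)
        verb = parts[0].upper() if parts else ""
        if verb == "PASS" and code == "230":
            authed.add(sid)
        elif verb == "SITE" and len(parts) == 3 and sid not in authed:
            sub, path = parts[1].upper(), parts[2]
            if sub == "CPFR":
                pending[sid] = path
            elif sub == "CPTO":
                findings.append({"ip": ip, "src": pending.pop(sid, None),
                                 "dst": path, "copied": code == "250"})
    return findings

if __name__ == "__main__":
    for finding in find_unauth_copies(SAMPLE_LOG):
        print(finding)
```

A finding with `copied` set to True means the server accepted a copy from a session that never authenticated, which is the behaviour to look for on a host exposed to this CVE.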

Inside the python script is the parameter to use:

Getting a reverse shell with this backdoor



Time for the recon phase

First get access to the folder

Then change the content of the file test and run it with the sudo command

Final part
