10 May 2021

Pentesting Fun Stuff

following the cyber security path…

Digitalworld.local: JOY

https://www.vulnhub.com/entry/digitalworldlocal-joy,298/

nmap scan for open ports + services

SMB

FTP

Downloading all files

Result:

Reading all the files

The file version_control seems interesting.
From the SMB enumeration we know there is a user ftp.
So copying this file from the home folder of patrick to the home folder of ftp should work.
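A copy between home directories like this one is what the ProFTPD mod_copy commands SITE CPFR and SITE CPTO perform, and CVE-2015-3306 (linked below) is the flaw that lets a client issue them without logging in. The following is an added defensive example, not part of the original post: it scans FTP command logs for such copies. The log layout, session ids, addresses and full paths are constructed for the example, and the function names are hypothetical.

```python
import re

# Constructed sample in a simplified "session client reply-code command" layout.
# This layout is an assumption for the example, not ProFTPD's default log format.
SAMPLE_LOG = """\
s1 10.0.0.5 331 USER anonymous
s1 10.0.0.5 230 PASS (hidden)
s1 10.0.0.5 226 RETR /pub/readme.txt
s2 10.0.0.9 350 SITE CPFR /home/patrick/version_control
s2 10.0.0.9 250 SITE CPTO /home/ftp/version_control
s3 10.0.0.7 230 PASS (hidden)
s3 10.0.0.7 350 SITE CPFR /home/ftp/a.txt
s3 10.0.0.7 250 SITE CPTO /home/ftp/b.txt
"""

LINE = re.compile(r"^(\S+) (\S+) (\d{3}) (.+)$")
CPFR, CPTO = "SITE CPFR ", "SITE CPTO "


def home_owner(path):
    """Return the user name for paths under /home/<user>/, else None."""
    m = re.match(r"^/home/([^/]+)/", path)
    return m.group(1) if m else None


def find_mod_copy_abuse(log_text):
    """Pair CPFR/CPTO per session and flag suspicious copy attempts."""
    authed, pending, findings = set(), {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        sess, client, code, cmd = m.groups()
        upper = cmd.upper()
        if upper.startswith("PASS") and code == "230":
            authed.add(sess)  # 230 = login completed
        elif upper.startswith(CPFR):
            pending[sess] = cmd[len(CPFR):].strip()  # remember the source
        elif upper.startswith(CPTO) and sess in pending:
            src, dst = pending.pop(sess), cmd[len(CPTO):].strip()
            reasons = []
            if sess not in authed:
                reasons.append("unauthenticated")  # the CVE-2015-3306 condition
            if home_owner(src) != home_owner(dst):
                reasons.append("cross-home")  # data leaves its owner's directory
            if reasons:
                findings.append({"session": sess, "client": client,
                                 "src": src, "dst": dst, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_mod_copy_abuse(SAMPLE_LOG):
        print(finding)
```

Any hit for an unauthenticated session means the server still accepts mod_copy commands before login, so the fix is to patch ProFTPD or unload mod_copy rather than to tune the alert.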

There are several known exploits to be found on the internet.
This is the one I’m using: https://github.com/t0kx/exploit-CVE-2015-3306

Inside the python script is the parameter to use:

Getting a reverse shell with this backdoor

Payload:

Result:

Time for the recon phase

First get access to the folder

Then change the content of the file test and run it with the sudo command

Final part
