10 May 2021

Pentesting Fun Stuff

following the cyber security path…

Symfonos 5

Nmap scan for open ports + services

Webserver first

/home.php is redirected to /admin.php
response in burpsuite from home.php

A parameter (url) which can be used for local file inclusion (LFI).
Trying to read some local files, like /etc/passwd

Result:

This works, so trying for the admin.php file

Result:

Useful information for ldap

Credentials (base64 encoded)

If the binary is allowed to run as superuser by sudo, it does not drop the elevated privileges and may be used to access the file system, escalate or maintain privileged access (source = https://gtfobins.github.io/gtfobins/dpkg/)

Root acces. Final part.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.