首頁 » Posts

Lame (Hack The Box Writeup)

2021-09-05 · 1 分鐘 · steven

滲透測試 Hack the Box

目錄

URL : https://app.hackthebox.eu/machines/Lame

IP : 10.129.197.50

Info gathering

Port Scanning21,22,139,445,3632- Anonymous FTP
SMB
3632 Port distccd

File Protocol

Try anonymous login FTP
It’s emptyTry anonymous login SMB-
There are tmp and opt folder
Access tmp folder
Download all file

Exploit Distccd

Distccd_rce_CVE-2004-2687https://gist.github.com/DarkCoderSc/4dbf6229a93e75c3bdf6b467e67a9855
Run Reverse shell-
Get User Flag-

Privilege escalation

Run LinPEASNFS Exploit?- Eterm SGID Binary?- nmap SUID !!Nmap GTFOBins- Shell (2) Interactive shellhttps://gtfobins.github.io/gtfobins/nmap/#suid
nmap --interactive
nmap> !shGet Root Flag-