Hack The Box Popcorn
TESTING METHODOLOGIES
We can start the enumeration with an nmap scan:
nmap -sC -sV 10.10.10.6
The output shows that two ports are open: 22 (SSH) and 80 (HTTP).
Visiting the HTTP service, we get an "It works" page.
There seems to be nothing interesting there, so we can enumerate further with a directory brute force.
This reveals a directory called torrent. Visiting it, we find a page called Torrent Hoster.
We can see an upload page, but it requires an account. After creating an account, we can create a torrent.
After uploading a torrent file, there is an option to add an image as a thumbnail.
We can upload a PHP shell by giving it an image extension, intercepting the request in Burp Suite, and changing the extension to php.
After changing the gif extension to php, the file is uploaded and we can access it in the /uploads directory.
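The upload succeeds because the server trusts the filename sent in the request. The following is an added example, not Torrent Hoster's code and not part of the original write-up: a sketch in Python of the server-side check that would reject the tampered thumbnail request. The function names, the allowlist and both sample requests are assumptions constructed for illustration.

```python
import os
import secrets

# Allowlist: leading bytes of an accepted image -> extension the server assigns.
SIGNATURES = {
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
}
ALLOWED_EXTENSIONS = {"gif", "png", "jpg", "jpeg"}


def detect_image_type(data: bytes):
    """Return the extension implied by the file's leading bytes, or None."""
    for magic, ext in SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None


def validate_thumbnail(client_filename: str, content_type: str, data: bytes):
    """Return (stored_name, None) if accepted, else (None, reason).

    content_type is accepted only to show that it is ignored: like the
    filename, it is request data the client controls.
    """
    ext = os.path.splitext(client_filename)[1].lstrip(".").lower()
    if ext not in ALLOWED_EXTENSIONS:
        return None, f"extension '{ext}' not allowed"
    detected = detect_image_type(data)
    if detected is None:
        return None, "content is not a recognised image"
    # Never reuse the client's name: random name, extension from the content.
    return f"{secrets.token_hex(16)}.{detected}", None


# Constructed sample requests (not captured traffic).
TAMPERED = ("thumb.php", "image/gif", b"constructed placeholder, not an image")
GENUINE = ("thumb.gif", "image/gif", b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00")

if __name__ == "__main__":
    for name, ctype, body in (TAMPERED, GENUINE):
        print(name, "->", validate_thumbnail(name, ctype, body))
```

A leading-bytes check is only a minimal content test. The stored name chosen by the server, together with an uploads directory that the web server does not execute scripts from, is what keeps an uploaded file from running.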
Privilege escalation
There are two privilege escalation methods on this box:
- First one is a kernel exploit
- Second one is