Tag

Linux

CTF Walkthroughs, TryHackMe

TryHackMe – Overpass 3 – Hosting Walkthrough

Introduction

This was an intermediate Linux machine and the last in the Overpass TryHackMe series. It involved discovering a backup archive stored on the web server, which contained encrypted user credentials that were then used to connect to the FTP server and upload a PHP reverse shell to gain initial access. Root access was then obtained by exploiting an open NFS share with the no_root_squash option enabled.

CTF Walkthroughs, TryHackMe

TryHackMe – Overpass 2 – Hacked Walkthrough

Introduction

This was an easy Linux machine and the second in the Overpass TryHackMe series. It involved analyzing a capture file containing the requests issued by an attacker to compromise the web server, escalate privileges to root and establish persistence, in order to understand the exact steps they followed, and then using that information to hack back into the host.

Cheat Sheets, Resources

Linux TTY Shell Cheat Sheet

Introduction

During a penetration test, when obtaining access to a remote Linux host via a reverse/bind shell, it can be very painful to issue certain commands over it, and it is often a much better option to obtain an interactive shell. These are the main reasons why this is a good idea:

  • More shell stability, as things like CTRL+C will no longer close down the connection.
  • Ability to use the up, down, left, and right arrow keys to navigate through and modify commands.
  • Ability to use applications or commands that present a login prompt, such as sudo, MySQL, SSH, etc.
  • Ability to use tab auto-completion in commands.
  • Ability to view commands, output, and file contents at the same terminal size as the host machine.

This article will list the various commands that can be used to obtain a TTY shell and also how to turn it into a fully interactive shell.

Guides, Linux, Privilege Escalation

Linux Privilege Escalation – Vulnerable Sudo Version

Introduction

Sudo is a program for Unix-like operating systems that allows users to run programs with the security privileges of another user, by default the superuser. It originally stood for “superuser do”, as older versions of Sudo were designed to run commands only as the superuser. It is commonly used in scenarios where normal users need to be able to perform certain actions as root.

Over the years, certain versions of Sudo were found to be affected by vulnerabilities that allowed attackers to escalate privileges to root. This guide will demonstrate how to identify a vulnerable Sudo version and how to exploit it in order to perform privilege escalation.

CTF Walkthroughs, VulnHub

VulnHub – Stapler: 1 Walkthrough

Introduction

This was an easy Linux machine that involved exploiting a WordPress plugin to gain access to the wp-config.php file, which contained database credentials, and then uploading a malicious plugin into WordPress to gain remote access. Privilege escalation was then possible by exploiting a clear-text password left in the Bash history or an insecure cron job.

CTF Walkthroughs, Hack The Box

Hack The Box – Bucket Walkthrough

Introduction

This was an intermediate Linux box that involved exploiting an insecure AWS S3 bucket to upload a PHP reverse shell and gain remote access, using credentials found in an unprotected DynamoDB database to gain a user shell, and exploiting a vulnerable PHP script, through the DynamoDB database, to extract the root user’s private SSH keys and escalate privileges to root.
