Latest Write-ups

Proving Grounds - Press

Box Overview

Press is a Linux machine from Offensive Security’s Proving Grounds featuring exploitation of FlatPress CMS and privilege escalation through apt-get sudo misconfiguration.

Enumeration

Nmap Scan

sudo nmap -sS -sC -A 192.168.227.29 -T4 -oN first.scan -p-

Open Ports:

22/tcp - SSH (OpenSSH 8.4p1 Debian)
80/tcp - HTTP (Apache 2.4.56) - “Lugx Gaming Shop HTML5 Template”
8089/tcp - HTTP (Apache 2.4.56) - FlatPress fp-1.2.1 ✅

Service Identification

Port 8089 is running FlatPress - a flat-file blogging engine (no database required).


Proving Grounds - Hub

Box Overview

Hub is a Linux machine from Offensive Security’s Proving Grounds featuring FuguHub - a web-based file server with an unauthenticated remote code execution vulnerability. This box demonstrates the importance of patching known CVEs and proper authentication mechanisms.

Enumeration

Nmap Scan

sudo nmap -sS -sC -A 192.168.229.25 -T4 -oN first.scan

Open Ports:

22/tcp - SSH (OpenSSH 8.4p1 Debian)
80/tcp - HTTP (nginx 1.18.0) - 403 Forbidden
8082/tcp - HTTP (Barracuda Embedded Web Server) - FuguHub
9999/tcp - HTTPS (Barracuda Embedded Web Server) - FuguHub SSL

Service Analysis

Port 8082 - FuguHub

Interesting findings:


Proving Grounds - Jacko

Box Overview

Jacko is a Windows machine from Offensive Security’s Proving Grounds demonstrating H2 Database exploitation for remote code execution and privilege escalation via SeImpersonate token abuse.

Difficulty: Intermediate (though arguably easier)

Enumeration

Nmap Scan

sudo nmap -sS -sC -A [TARGET_IP] -T4 -oN first.scan -p-

Key ports identified:

Port 8082 - H2 Database Console (web interface)
Port 22 - SSH
Additional Windows services

H2 Database Console - Port 8082

Accessing http://[TARGET_IP]:8082 reveals the H2 Database Console - a web-based SQL interface.
