Blackpearl

  1. ffuf give us nothing

  2. dnsrecon -r 127.0.0.0/24 -n 10.0.2.X -d blah

    1. blackpearl.local 127.0.0.1

  3. add this info inside your /etc/hosts

  4. access blackpearl.local and see php page

  5. try ffuf inside this new page

  6. finded /navigate

  7. search google -> navigate cms exploit

  8. find Metasploit

    1. set LHOST

    2. set VHOST (blackpearl.local)

    3. run

    4. shell

  9. user www-data

  10. need to use privilege escalation

  11. spawn tty shell (search google)

  12. run linPEAS to privilege escalation

    1. find SUID binaries

    2. find / -type f -perm -4000 2>/dev/null

  13. GRFObins

    1. suid

    2. use php module

  14. /usr/bin/php7.3 XXXX(CODE_SUID_FROM_GRFOBINS)

  15. DONE

PreviousButler

Last updated