ICMP

The document outlines a process for exploiting a target machine using Nmap to find open ports and identifying a vulnerability in an HTTP service. It details the steps to set up a reverse shell using a renamed exploit script, gain access to user credentials, and escalate privileges to obtain the root shell. The final steps involve using hping3 for privilege escalation and logging in as the root user with the obtained SSH key.

ICMP

Nmap scan to find the open ports on the target

Enumeration on HTTP

I found a version information disclosure. Either check manually for exploits against that version, or use searchsploit to find the exploit with this command:

searchsploit monitor

VULNERABILITY
I have renamed this exploit to rce.py

EXPLOIT
Now set up a netcat listener on our attacking machine, since this script uses a reverse shell: the target will connect back to us on a port. I started listening on port 1234.

Run the exploit with Python, passing the target IP and the attacker IP.

I got the shell on port 1234.

Privilege escalation
I got local.txt here
I got the password of fox user here in devel/crypt.php

I started privilege escalation with sudo -l, which showed /usr/sbin/hping3 --icmp *, and searched GTFOBins for hping3.
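The trailing wildcard is what makes that sudo rule wider than it looks: sudo only matches listed arguments exactly when there is no wildcard, so the asterisk lets the caller append any further hping3 options. The following script is an added example, not part of the original writeup, that parses constructed "sudo -l" output (modelled on the rule found here) and flags wildcards, NOPASSWD tags, ALL command specs, and binaries known to read files when run with sudo. The KNOWN_FILE_READERS set contains only hping3, the binary from this writeup, and is an assumption to extend for your own systems.

```python
"""Audit "sudo -l" output for rules that are wider than they look (added example, not from the writeup).

A rule such as "(root) /usr/sbin/hping3 --icmp *" has a trailing wildcard, so sudo
accepts any further arguments, including --file, which makes hping3 read a file as
root.  This script parses constructed "sudo -l" lines and flags the risky patterns.
"""
import re
from dataclasses import dataclass, field

# Binaries documented on GTFOBins as able to read files when run with sudo.
# Only hping3, the one from the writeup, is listed; extending it is an assumption for your fleet.
KNOWN_FILE_READERS = {"hping3"}

# One "sudo -l" rule line: "(runas) [TAG: ...] command [args]"
RULE_RE = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmd>\S.*?)\s*$")

# Constructed sample modelled on the rule the writeup found, plus two more rules for contrast.
SAMPLE_SUDO_L = """\
Matching Defaults entries for fox on icmp:
    env_reset, secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

User fox may run the following commands on icmp:
    (root) /usr/sbin/hping3 --icmp *
    (root) NOPASSWD: /usr/bin/systemctl status nginx
    (ALL : ALL) ALL
"""


@dataclass
class Finding:
    rule: str
    issues: list = field(default_factory=list)


def audit_sudo_l(text: str) -> list:
    """Return one Finding per rule line that carries at least one risky property."""
    findings = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # header and Defaults lines are not rules
        tags, cmd = m.group("tags"), m.group("cmd")
        binary = cmd.split()[0].rsplit("/", 1)[-1]  # basename of the permitted command
        issues = []
        if cmd == "ALL":
            issues.append("ALL: any command may be run")
        elif "*" in cmd:
            issues.append("wildcard: caller may append arbitrary extra arguments")
        if binary in KNOWN_FILE_READERS:
            issues.append(f"{binary}: documented as able to read files as the target user")
        if "NOPASSWD" in tags:
            issues.append("NOPASSWD: no authentication before the privileged run")
        if issues:
            findings.append(Finding(rule=line.strip(), issues=issues))
    return findings


def tighten_rule(rule: str) -> str:
    """Drop a trailing wildcard so sudo matches the listed arguments exactly."""
    return re.sub(r"\s*\*\s*$", "", rule)


if __name__ == "__main__":
    for finding in audit_sudo_l(SAMPLE_SUDO_L):
        print(finding.rule)
        for issue in finding.issues:
            print("   -", issue)
        if "*" in finding.rule:
            print("   suggested exact-argument form:", tighten_rule(finding.rule))
```

Removing the wildcard makes sudo require the argument list exactly as written, so nothing like --file can be appended. Where the user genuinely needs to vary the target, the usual answer is a small wrapper script that validates its own inputs and is itself the only command in the sudoers entry, rather than a wildcard on a binary that can read or write files.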

SSH in as fox on one terminal.


Open a second terminal and SSH in as the fox user there as well, so we have two sessions; both hping3 commands below use 127.0.0.1.

On the second terminal, set up a listener session:

sudo hping3 --icmp 127.0.0.1 --listen signature --safe

Now go back to the first terminal, where the first SSH session as fox is, and run:
sudo /usr/sbin/hping3 --icmp 127.0.0.1 -d 100 --sign signature --file /root/.ssh/id_rsa

Bingo!! I got id_rsa here.

Now copy the id_rsa into a file and change its permissions.

Now we log in as the root user on the target machine using this id_rsa and get the root shell.
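What the hping3 --listen/--sign pair does is move a file inside ICMP echo payloads, which is also how it can be spotted. The following script is an added example, not part of the original writeup, that builds a few constructed ICMP echo requests (one ordinary ping, one signed hping3-style packet carrying a placeholder key header, one oversized opaque payload), parses them back with checksum verification, and flags payloads that are larger than a default ping or contain text such as a PEM private-key header. The 56-byte threshold (the Linux ping default) and the marker list are assumptions to tune; the sample packets are constructed and contain no real key.

```python
"""Inspect ICMP echo payloads for file contents (added example, not from the original writeup).

hping3's --listen/--sign pair carries a file inside ICMP echo payloads.  This
script builds constructed echo requests, parses them back, and flags payloads
that exceed a default ping size or carry private-key text.  Threshold and
markers are assumptions to tune for your environment.
"""
import struct

DEFAULT_PING_PAYLOAD = 56  # Linux ping default data size (assumption: tune per environment)
SUSPICIOUS_MARKERS = (b"-----BEGIN", b"PRIVATE KEY", b"ssh-rsa ")  # constructed starting list


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over the ICMP header plus payload."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Serialise an ICMP echo request (type 8, code 0) with a correct checksum."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload


def parse_icmp(packet: bytes) -> dict:
    """Split an ICMP message into header fields and payload, verifying the checksum."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    if icmp_checksum(packet) != 0:  # a valid message sums to zero with its checksum field included
        raise ValueError("ICMP checksum mismatch")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq, "payload": packet[8:]}


def inspect_echo(packet: bytes) -> list:
    """Return the reasons an echo request/reply looks like a file transfer (empty list = nothing seen)."""
    fields = parse_icmp(packet)
    reasons = []
    if fields["type"] not in (0, 8):  # only echo reply / echo request are considered here
        return reasons
    payload = fields["payload"]
    if len(payload) > DEFAULT_PING_PAYLOAD:
        reasons.append(f"payload {len(payload)} bytes exceeds default ping size {DEFAULT_PING_PAYLOAD}")
    for marker in SUSPICIOUS_MARKERS:
        if marker in payload:
            reasons.append(f"payload contains {marker!r}")
            break
    return reasons


def flag_capture(packets: list) -> dict:
    """Map packet index -> reasons for every packet worth a second look."""
    return {i: r for i, p in enumerate(packets) if (r := inspect_echo(p))}


# Constructed sample capture: an ordinary ping, a signed hping3-style packet with a
# placeholder key header (not a real key), and an oversized but opaque payload.
NORMAL_PING = build_echo_request(0x1234, 1, bytes(range(56)))
SIGNED_TRANSFER = build_echo_request(
    0x2B1A, 1,
    b"signature"
    + b"-----BEGIN OPENSSH PRIVATE KEY-----\n"
    + b"CONSTRUCTED PLACEHOLDER, NOT A REAL KEY\n",
)
LARGE_OPAQUE = build_echo_request(0x2B1A, 2, bytes(range(100)))
SAMPLE_CAPTURE = [NORMAL_PING, SIGNED_TRANSFER, LARGE_OPAQUE]

if __name__ == "__main__":
    for idx, reasons in flag_capture(SAMPLE_CAPTURE).items():
        print(f"packet {idx}: " + "; ".join(reasons))
```

Two caveats for anyone running this over a real capture: in this writeup the transfer happens over 127.0.0.1, so a network sensor never sees it and only a host-side capture on the loopback interface would; and large ICMP payloads are legitimate in places (MTU probing, some monitoring tools), so the size check is a triage signal to pair with the content markers rather than an alert on its own.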
