Jupyter Notebook


A Jupyter Notebook instance was identified on the target web server on port 8888 of the DEV-DATASCI-JUP (10.10.232.68) host. Authentication succeeded using the token found in the datasci-team SMB share.
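The token that granted access here was sitting in a file on a share, so one defensive check is to sweep shared directories for leaked Jupyter tokens. The following is an added example, not part of the original write-up; it assumes auto-generated tokens (48 hex characters), and the function names and sample text are constructed for illustration.

```python
import re
from pathlib import Path

# Assumption: tokens are Jupyter's auto-generated kind (24 random bytes,
# 48 lowercase hex characters); custom tokens will not match.
TOKEN_RE = re.compile(
    r"(?:[?&]token=|\btoken\s*[=:]\s*['\"]?)([0-9a-f]{48})\b"
)


def find_tokens(text):
    """Return (line_number, redacted_token) for each token-like value."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            tok = match.group(1)
            # Redact so the report itself does not leak the secret.
            hits.append((lineno, f"{tok[:4]}...{tok[-4:]}"))
    return hits


def scan_tree(root, max_bytes=1_000_000):
    """Walk a directory (e.g. a mounted share); map file path -> hits."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        try:
            if not path.is_file() or path.stat().st_size > max_bytes:
                continue
            hits = find_tokens(path.read_text(errors="ignore"))
        except OSError:
            continue  # unreadable entry; skip rather than abort the sweep
        if hits:
            report[str(path)] = hits
    return report


# Constructed sample: a server log, a config line, and a non-token value.
FAKE = "0123456789abcdef" * 3
SAMPLE = "\n".join([
    "[I 10:12:01.123 NotebookApp] Jupyter Notebook is running at:",
    f"[I 10:12:01.123 NotebookApp] http://localhost:8888/?token={FAKE}",
    f"c.NotebookApp.token = '{FAKE}'",
    "token=deadbeef",
])

if __name__ == "__main__":
    for lineno, redacted in find_tokens(SAMPLE):
        print(f"line {lineno}: token {redacted}")
```

Any hit on a share readable by more than the notebook's owner means the token should be rotated by restarting the server.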

Jupyter Notebook supports code execution, as it is a web-based IDE. Opening up the existing project, weasel.ipynb.

Currently, it’s set as Not Trusted, which is a default setting to prevent malicious code execution.

This setting can be changed.

Initial Fail


Inserting the payload.

Executing

The Netcat listener on Kali received an inbound connection, but it’s not a shell.

Checking the error reveals that powershell could not be found.

Linux Environment


Inserting the modified payload.

It turns out that the host system is a Linux environment, possibly WSL.

Initial foothold established to the WSL environment on the DEV-DATASCI-JUP (10.10.232.68) host as the dev-datasci user via Python code execution through the target Jupyter Notebook instance.