Walkthrough: Nibbles


Platform - Proving Grounds Practice

Level - Easy

Service Enumeration

Port Scan results

NMAP Port Scan results

FTP Enumeration (TCP/21)

Upon manual enumeration of the available FTP service, no foothold was achieved.

SSH Enumeration (TCP/22)

Upon manual enumeration of the available SSH service, no foothold was achieved.

HTTP Enumeration (TCP/80)

Upon manual enumeration of the available HTTP service, no foothold was achieved.

PostgreSQL Enumeration (TCP/5437)

Upon manual enumeration, the PostgreSQL service (versions 11.3 - 11.7) was found to be exploitable with exploit EDB-50847 using the default credentials "postgres : postgres".

PROOF OF CONCEPT - POSTGRESQL Injection

Using the psql command, we log in as the user. After logging in to the PostgreSQL database, we note that we are a privileged user with the superuser role.

Creating a reverse shell payload

POSTGRESQL Reverse shell command execution

We get the reverse shell, and under the user wilson we discover our first flag!

local.txt

PRIVILEGE ESCALATION

We now have a low-privileged shell as postgres. The LinPEAS automation script suggested that the SUID bit set on the "find" command could be abused for privilege escalation.

Checking GTFO Bins for find reveals

GTFO Bins for find

We ran the command without "sudo" and received the shell. Proof flag!

Root flag!
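
From the defender's side, the SUID misconfiguration used in the privilege escalation step can be caught with a periodic audit. The script below is an added example, not part of the original walkthrough; the watchlist contents and the function names audit_suid and make_sample_tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the walkthrough: report SUID files whose name is on
# a watchlist of binaries that can execute arbitrary commands (e.g. find).

# Illustrative watchlist (an assumption); extend it from the GTFOBins SUID list.
SUID_WATCHLIST="find bash env vim"

# audit_suid DIR: print "ls -ld" details for each SUID regular file under DIR
# whose basename is on the watchlist. Stays on one filesystem (-xdev).
audit_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r path; do
        case " $SUID_WATCHLIST " in
            *" $(basename "$path") "*) ls -ld "$path" ;;
        esac
    done
}

# make_sample_tree: build a constructed directory of empty files to exercise
# the audit without touching real binaries; prints the directory path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/usr/bin"
    : > "$d/usr/bin/find";   chmod 4755 "$d/usr/bin/find"    # SUID + watchlisted
    : > "$d/usr/bin/passwd"; chmod 4755 "$d/usr/bin/passwd"  # SUID, not on the list
    : > "$d/usr/bin/vim";    chmod 0755 "$d/usr/bin/vim"     # watchlisted, no SUID
    printf '%s\n' "$d"
}

# Remediation for a confirmed hit: chmod u-s /path/to/binary
```

On a real host, run `audit_suid /` as root so that unreadable directories are not skipped.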






