Bratarina
Source: Proving Grounds
OS: Linux
Community Rating: Intermediate
AutoRecon revealed open ports:
SSH (22)
SMTP (25)
HTTP (80)
SMB (445)
The HTTP site immediately stood out, but it was painfully slow—like click-and-wait-forever slow. I thought the machine was glitching, so I reverted it and restarted, but nothing changed. Maybe it was designed to be this way?
Found CVE-2007-3697, an RFI vulnerability in phpBB’s sendmsg.php.
Tried repeatedly, but the site’s sluggishness made exploitation impractical; it's probably a rabbit hole.
Frustrated, I shifted to SMTP. Nmap identified OpenSMTPD, and a quick CVE search revealed CVE-2020-7247, an RCE flaw.
I ran the exploit script with random commands. No response. Tried again with a different command, still nothing. On the third attempt, I tweaked the payload to get a shell back, and suddenly, my netcat listener lit up. A shell connected!
Privilege escalation: not required; initial access provided immediate root privileges.
Persistence Pays: Multiple exploit attempts may be needed, even with valid CVEs.
SMTP Overlooked: Don’t tunnel-vision on HTTP, check all services for vulnerabilities.
Slow Sites Might be Red Flags: Sluggish responses might hint at misconfigurations or intentional hurdles.