Monday, March 20, 2017

Solving hackfest2016: Sedna VM

First scanned the box.

As I was clicking around i found this. http://172.16.94.135/files/be_demo/blog/categories/newlogo.jpg
With this I searched exploit-db and found this. I first tried to upload directly using the firefox plugin Poster but the uploads kept getting renamed and php extension were being filtered somehow.
So i decided to try and upload the exploit first then use it to upload the php-reverse-shell. This got me a limited shell on the system. For privilege escalation I used taviso's exploit [CVE-2015-1318 newpid (apport)] The link to the exploit can be found here. Thanks to Viper for the awesome challenge and ofcourse g0tmi1k and the whole vulnhub community who keep the war games coming.

No comments:

Post a Comment