Linux Boxes

blocky

  1. gobuster
    1. /plugins
  2. blockycore.jar
    1. strings blockycore.class
  3. wpscan enumerate users
  4. initial foothold
  5. privesc
  6. user/root

blocky

images/1689-1.png

images/1689-2.png

gobuster

images/1690-1.png

/plugins

images/1691-1.png

strings blockycore.class

images/1696-1.png
images/1696-2.png
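
The same check that `strings` does by hand here, written as a pre-release audit for a plugin jar (an added example, not part of the original notes): it parses each class file's constant pool and lists the string literals of any class that has a credential-like name. The sample jar, the class path `com/example/Core.class`, the field name `dbPass` and the value `example-password` are constructed placeholders.

```python
import io
import re
import struct
import zipfile

# Constant-pool tag -> payload size in bytes (tag 1, Utf8, is variable length).
CP_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
            12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
CRED_NAME = re.compile(r"pass|pwd|secret|token", re.I)

def string_literals(data):
    """Return (all Utf8 entries, string literals) from a class constant pool."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    utf8, refs, pos, idx = {}, [], 10, 1
    while idx < count:
        tag, pos = data[pos], pos + 1
        if tag == 1:
            (length,) = struct.unpack_from(">H", data, pos)
            utf8[idx] = data[pos + 2:pos + 2 + length].decode("utf-8", "replace")
            pos += 2 + length
        elif tag in CP_SIZES:
            if tag == 8:  # CONSTANT_String: index of the Utf8 holding the literal
                refs.append(struct.unpack_from(">H", data, pos)[0])
            pos += CP_SIZES[tag]
        else:
            raise ValueError(f"unknown constant pool tag {tag}")
        idx += 2 if tag in (5, 6) else 1  # long/double occupy two slots
    return list(utf8.values()), [utf8[r] for r in refs if r in utf8]

def audit_jar(jar_file):
    """Map class path -> literals, for classes with a credential-like name."""
    findings = {}
    with zipfile.ZipFile(jar_file) as jar:
        for name in (n for n in jar.namelist() if n.endswith(".class")):
            names, literals = string_literals(jar.read(name))
            if literals and any(CRED_NAME.search(n) for n in names):
                findings[name] = literals
    return findings

def sample_jar():  # constructed input: class header + constant pool only
    def utf8(s):
        return b"\x01" + struct.pack(">H", len(s)) + s.encode()
    pool = utf8("dbPass") + utf8("example-password") + b"\x08\x00\x02"
    cls = struct.pack(">IHHH", 0xCAFEBABE, 0, 52, 4) + pool
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("com/example/Core.class", cls)
    return io.BytesIO(buf.getvalue())
```

Any literal it reports belongs in configuration or a secret store rather than in the shipped jar, and a credential that has already shipped this way should be rotated.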

wpscan enumerate users

wpscan --url http://10.10.10.37 -e u

images/1693-1.png

we see there is a user notch
images/1693-2.png

initial foothold

images/1694-1.png

using this stored password to ssh into user notch we get our foothold!
images/1694-2.png

privesc

real simple here: sudo -l
images/1695-1.png

we see notch has permission to run any and all commands as sudo, so we can spawn a shell as root

images/1695-2.png

user/root

images/1697-1.png
59fee0977fb60b8a0bc6e41e751f3cd5

images/1697-2.png
0a9694a5b4d272c694679f7860f1cd5f