1/16/2024 0 Comments Paper io 2 hack 2022╔══════════╣ Executing Linux Exploit Suggester It’s worth checking if dwight shared their password across rocketchat and the system. Given the access to files in /home/dwight, it makes sense that the bot is running as dwight. env file is immediately interesting, as those files tend to hold secrets for the project: I’ll note that dwight and rocketchat are the only users on the box not in the system/service range below 1000. /./etc/passwd shows the contents of that file: The directory traversal vulnerability is present in this command as well. It seems hardened against command injection: Read Files This command is vulnerable to directory traversal: But if I give it an invalid path, it errors, and gives the full path: If I give it a valid directory, it returns the contents of that directory. I’ll open a DM to recyclops, and try to list files:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |