Einführung

In this video-walkthrough, we demonstrated Content management system exploitation, namely Cockpit, and privilege escalation on Exiftool.

This is a machine that allows you to practise web app hacking and privilege escalation using recent vulnerabilities.

You’ve identified that the CMS installed on the web server has several vulnerabilities that allow attackers to enumerate users and change account passwords.

Your mission is to exploit these vulnerabilities and compromise the web server.

Holen Sie sich Hinweise zum OSCP-Zertifikat

Video-Anleitung

Antworten

What is the name of the Content Management System (CMS) installed on the server?

What is the version of the Content Management System (CMS) installed on the server?

What is the path that allow user enumeration?

How many users can you identify when you reproduce the user enumeration attack?

What is the path that allows you to change user account passwords?

Compromise the Content Management System (CMS). What is Skidy’s email.

Was ist die Webflagge?

Compromise the machine and enumerate collections in the document database installed in the server. What is the flag in the database?

Was ist das user.txt-Flag?

Was ist der CVE number for the vulnerability affecting the binary assigned to the system user? Answer format: CVE-0000-0000

What is the utility used to create the PoC file?

Escalate your privileges. What is the flag in root.txt?

, ,
Anmerkungen anzeigen

Motasem

Über den Autor

Ich erstelle Notizen zur Cybersicherheit, Notizen zum digitalen Marketing und Online-Kurse. Ich biete auch Beratung zum digitalen Marketing an, einschließlich, aber nicht beschränkt auf SEO, Google- und Meta-Anzeigen und CRM-Verwaltung.

Artikel anzeigen