Exploiting Pluck CMS and Linux Privilege ...

Exploiting Pluck CMS and Linux Privilege Escalation | TryHackMe Dreaming

Feb 25, 2024

We covered TryHackMe Dreaming challenge where we demonstrated penetration testing concepts such as exploiting a vulnerable version of Pluck CMS to gain a reverse shell. Then we started the process of horizontal Linux privilege escalation. We moved between various users with alternating privileges such as www-data, lucien, death and morpheus. A combination of weak file permissions, incorrectly assigned privileges and hard coded credentials we were able to escalate privileges to the highest user, Morpheus, and wrap up the challenge.

Full writeup is here.

Vous aimez cette publication ?

Achetez un pizza à Motasem Hamdan / MasterMinds Group

Plus de Motasem Hamdan / MasterMinds Group

ConfidentialitéConditionsSignaler