Exploiting Pluck CMS and Linux Privilege ...

Exploiting Pluck CMS and Linux Privilege Escalation | TryHackMe Dreaming

Feb 25, 2024

We covered TryHackMe Dreaming challenge where we demonstrated penetration testing concepts such as exploiting a vulnerable version of Pluck CMS to gain a reverse shell. Then we started the process of horizontal Linux privilege escalation. We moved between various users with alternating privileges such as www-data, lucien, death and morpheus. A combination of weak file permissions, incorrectly assigned privileges and hard coded credentials we were able to escalate privileges to the highest user, Morpheus, and wrap up the challenge.

Full writeup is here.

Ti piace questo post?

Offri un pizza a Motasem Hamdan / MasterMinds Group

Altro da Motasem Hamdan / MasterMinds Group

PrivacyTerminiRapporto