![netcat reverse shell not working getting hung up netcat reverse shell not working getting hung up](https://i.ytimg.com/vi/rjiUsyQTaQE/maxresdefault.jpg)
- #Netcat reverse shell not working getting hung up code
- #Netcat reverse shell not working getting hung up password
Looking through the website configuration files, we find that the credentials for a user are stored in plaintext.Ippsec was able to gain a low-privileged shell by using a SQL injection to bypass the initial login page, and then uploading a malicious PHP web-shell.Sudo PYTHONPATH=/tmp/a /opt/scripts/admin_tasks.sh Then finally we can start a netcat listener, and run the script as sudo while passing the PYTHONPATH variable to our custom location.We start by making a file at /opt/a/shutil.py with the following code:
#Netcat reverse shell not working getting hung up code
#Netcat reverse shell not working getting hung up password
Reviewing the configuration files that power this webserver reveals a SHA256 hash that we’re able to decrypt the cleartext password to.We also found that an additional webserver was listening on localhost port 52846 by running ss -lntp.Connecting to the SQL database didn’t return anything new, but we were able to enumerate additional users on the box from /etc/passwd, and found that the credentials to the database were being reused for the Jimmy user account.Once on the box as www-data, he was able to enumerate the config files for the webserver, and found plaintext credentials for the SQL database.Ippsec was able to abuse a public exploit to get command execution as.OpenAdmin: Linux Machine Retired in May 2020 This list will be updated as time goes on. The idea is to provide a list of privesc methods to review when you’re stuck and unable to find the intended way to escalate when you’re taking the OSCP exam and/or participating in a CTF. This post will contain a list of retired Hack The Box machines and the methods used by Ippsec to escalate privileges.