Jacko
Last updated
Was this helpful?
Last updated
Was this helpful?
We discover port 80
We can change password with the api on this JDBC
We are presented with H2 console: We can change the database to something that doesn't exist and check: User tony found
We can try an exploit: https://www.exploit-db.com/exploits/49384 We got working code execution.
Now we can create a shell:
now we can transfer this with:
Now to get the reverse shell back:
Nothing works
Using full path:
We can also set the path:
We have SeImpersonatePrivilege so trying Godpotato:
Transfer it to the machine:
Now run exploit:
We get a shell but it is a broken shell.
We find an unusual program: Using the exploit for PaperStream IP https://www.exploit-db.com/exploits/49382 Now generate msfvenom payload: