Open ports (80)
Thecybergeek shell
Upload an malicious .ODT file to obtain a reverse shell
On the homepage there is a file upload feature which only accepts ODT files
Use this tool to create an ODT file containing a reverse shell
Upload the file
Catch the reverse shell
Obtain local.txt
Apache shell
We have write access to the Apache web server root which is run by apache service account
Write access
Apache service account exists
Apache account running the web server
Obtain a reverse shell as the Apache user
Create a malicious rev.php file
Copy rev.php to victim then navigate to rev.php on HTTP server
Catch reverse shell
root shell
Use Apache's SeImpersonatePrivilege to obtain root shell
List privileges
Execute PrintSpoofer
Obtain proof.txt
