Find open ports (22, 23, 80, 3306)
www-data
Port 80 has a /test/ directory
Feroxbuster result
/test/ landing page
Port 80 is running zenphoto version 1.4.1.4
Source page for /test/ reveals the version
A RCE exploit exists for version 1.4.1.4
Searchsploit
Obtain a shell
Obtain a reverse shell
Busybox shell
Catch reverse shell
Obtain local.txt
root
Machine vulnerable to PwnKit
PwnKit version <0.120
Compile PwnKit.c to obtain root shell
Obtain proof.txt
root (alternatives)
Linux kernel vulnerability ( ⇐ 2.6.36)
