Then I’ll exploit an XXE vulnerability in ClamAV’s clamscan utility to read root’s SSH key. First I’ll exploit a CVE in git for how the apply command allows overwriting arbitrary files. The next two steps both involve CVEs that didn’t have public exploits or even much documentation at the time Snoopy released. In there, I’ll abuse a slash command intended to provisions servers to have it connect to my SSH honeypot, and use those creds to get on the box. Once that’s updated, I can direct password reset emails for accounts on snoopy.htb to my server, and get access to a MatterMost instance. I’ll use that to read a bind DNS configuration, and leak the keys necessary to make changes to the configuration. Snoopy starts off with a website that has a file read / directory traversal vulnerability.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |