Exploitation

Reverse shell

At this point we are beginning to establish a solid foothold on our target.

We have the ability to execute commands into the system through the web-based terminal on the Usermin dashboard.

Let's take it a notch higher by establishing a reverse shell connection into the machine through the web-based terminal.

A valuable resource I use to create reverse shell payloads is https://www.revshells.com/

Creating a reverse shell payload

Have your listener on

Let's execute our reverse shell payload on the web terminal

Our listener gets a hit!

We now have a reverse shell connection into the target.

Our shell is however not interractive. Let's fix that.

To do that, we will need to spawn a TTY Shell. TTY Shell however uses python3. We thus need to confirm the python version our target is running.

Our target is running python3. Awesome!

Now let's spawn the TTY shell

python3 -c 'import pty; pty.spawn("/bin/sh")'

Ando now we have an interactive shell

On listing the contents of the directory I was, I found our first flag

PreviousVulnhub's EMPIRE BREAKOUT CTF Walk-throughNextPrivEsc

Last updated