Surveillance
My notes on the Surveillance machine

Enumeration:

Add the domain and IP to the hosts file (domain: http://surveillance.htb/) to access the website on port 80.

Scanning the subdomain:

Found the login page:

It is related to Craft CMS. Searching around on Google, I found this CVE related to it: https://gist.github.com/gmh5225/8fad5f02c2cf0334249614eb80cbf4ce
Because upload_tmp_dir returns "no value", change it to "no value" and run the exploit:


Okay, got the foothold. Now looking around to get user access:
Looking around, I found the password hash for matthew in a backup SQL file, cracked it and got the user.

Running netstat to check the open ports might help:

Port 8080 is open. Try connecting again through a forwarded port (localhost: 127.0.0.1):

Access the web page:

Searching around for a ZoneMinder CVE: https://sploitus.com/exploit?id=1337DAY-ID-39149
Using Metasploit to attack this user:


Exploit zmupdate.pl (/usr/bin/zmupdate.pl):

Create a file to exploit:

Run as zoneminder:
sudo /usr/bin/zmupdate.pl --version=1.1.1 --user='$(/tmp/pe.sh)' --pass=ANYPASSWORD
Now the file bash2 can be used to access root:
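
A detection for the sudo call above, as an added example that is not part of the original notes: it scans sudo log records for zmupdate.pl runs whose arguments contain shell syntax such as `$(...)`. The log lines are constructed, and the sudo record layout, the `zoneminder` and `alice` accounts and the `zmuser` value are assumptions.

```python
import re

# Assumed sudo syslog layout: "<user> : TTY=.. ; PWD=.. ; USER=<runas> ; COMMAND=<argv>"
SUDO_RE = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : .*?USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.+)$"
)
# Shell syntax that is unexpected in a version, database user or password
# option (a password that really contains such characters is flagged too).
SHELL_META = re.compile(r"\$\(|\$\{|`|[;&|<>]")
WATCHED = "zmupdate.pl"


def suspicious_args(command):
    """Return the arguments of a watched command that carry shell syntax."""
    # sudo joins argv with spaces, so an argument that contained spaces shows
    # up as several tokens; every token is checked on its own.
    argv = command.split()
    if not argv or argv[0].rsplit("/", 1)[-1] != WATCHED:
        return []
    return [arg for arg in argv[1:] if SHELL_META.search(arg)]


def scan(lines):
    """Yield (user, runas, flagged_args) for each sudo record worth an alert."""
    for line in lines:
        match = SUDO_RE.search(line.rstrip("\n"))
        if match is None:
            continue
        flagged = suspicious_args(match.group("cmd"))
        if flagged:
            yield match.group("user"), match.group("runas"), flagged


# Constructed records: host, times and account names are made up.
SAMPLE = [
    "Dec 12 09:40:12 host1 sudo:  zoneminder : TTY=pts/0 ; PWD=/tmp ; USER=root ; "
    "COMMAND=/usr/bin/zmupdate.pl --version=1.1.1 --user=zmuser --pass=ANYPASSWORD",
    "Dec 12 10:01:07 host1 sudo:  zoneminder : TTY=pts/0 ; PWD=/tmp ; USER=root ; "
    "COMMAND=/usr/bin/zmupdate.pl --version=1.1.1 --user=$(/tmp/pe.sh) --pass=ANYPASSWORD",
    "Dec 12 10:05:44 host1 sudo:  alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; "
    "COMMAND=/usr/bin/ls /root",
]

if __name__ == "__main__":
    for user, runas, flagged in scan(SAMPLE):
        print(f"ALERT {user} -> {runas}: {WATCHED} called with {flagged}")
```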
