OpenAdmin #25
Nmap Result:
dirsearch:
/music/
/ona/
openadmin.htb
Version: 18.1.1
Tried this exploit:
Got a shell with www-data!
ona_sys
n1nj4W4rri0R!
The users jimmy and joanna were found during enumeration.
Got in as jimmy.
Interesting.
Pass
Revealed
/etc/apache can be seen.
Port number 52846
Port forward to port 52846.
ssh jimmy@10.129.140.112 -L 4545:localhost:52846
Now visit http://127.0.0.1:4545 (NEW) SO COOL!!!
Logging in with the creds, I got Joanna's SSH key!
Cracked it with john.
bloodninjas
ssh -i id_rsa.bak joanna@10.129.140.112
Finally in Joanna!
/bin/nano /opt/priv
Now we are root.
Finding creds was the hardest part on this box!