Cybersploit CVE-2015-1328

If you find anything suspicious, try using it as password.

dirsearch

[22:25:09] 200 -    2KB - /index
[22:25:09] 200 -    2KB - /index.html
[22:25:19] 200 -   53B  - /robots.txt

robots.txt had a Base64 string (first line below), which decodes to the second line:

Y3liZXJzcGxvaXR7eW91dHViZS5jb20vYy9jeWJlcnNwbG9pdH0=
cybersploit{youtube.com/c/cybersploit}

This was the password for SSH.
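Seen from the defender's side, the finding above is a credential sitting in a world-readable file with only Base64 in front of it. The following is an added example, not part of the original writeup: it audits the text of publicly served files for Base64 tokens that decode to printable ASCII. The function names, the 16-character threshold and the sample file contents are assumptions made for illustration.

```python
import base64
import binascii
import re
import string

# Runs of 16+ Base64 alphabet characters with optional padding (threshold is an assumption).
B64_TOKEN = re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{16,}={0,2}(?![A-Za-z0-9+/=])")
PRINTABLE = set(string.printable.encode()) - {0x0B, 0x0C}


def decode_if_text(token):
    """Return the decoded text if token is strict Base64 for printable ASCII, else None."""
    if len(token) % 4:
        return None
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    if not raw or any(b not in PRINTABLE for b in raw):
        return None  # binary payloads (images, keys) are out of scope for this check
    return raw.decode("ascii")


def audit_public_files(files):
    """files maps a served path to its text content; returns one finding per decodable token."""
    findings = []
    for path, content in files.items():
        for lineno, line in enumerate(content.splitlines(), 1):
            for match in B64_TOKEN.finditer(line):
                decoded = decode_if_text(match.group())
                if decoded is not None:
                    findings.append({"path": path, "line": lineno,
                                     "token": match.group(), "decoded": decoded})
    return findings


# Constructed sample: the robots.txt string from this writeup plus benign filler content.
SAMPLE = {
    "/robots.txt": "User-agent: *\nDisallow: /private\n"
                   "Y3liZXJzcGxvaXR7eW91dHViZS5jb20vYy9jeWJlcnNwbG9pdH0=\n",
    "/index.html": "<html><body><h1>Welcome</h1></body></html>\n",
}

if __name__ == "__main__":
    for f in audit_public_files(SAMPLE):
        print(f"{f['path']}:{f['line']} decodes to {f['decoded']!r}")
```

Any hit in a file the web server hands to anonymous clients should be treated as a leaked secret and rotated, not just removed from the file.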

index.html had the username:

itsskv

Logged in as itsskv with the password:

cybersploit{youtube.com/c/cybersploit}

Exploit suggester:

Possible Exploits:

[+] [CVE-2016-5195] dirtycow

Details: https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
Exposure: highly probable
Tags: debian=7|8,RHEL=5{kernel:2.6.(18|24|33)-},RHEL=6{kernel:2.6.32-|3.(0|2|6|8|10).|2.6.33.9-rt31},RHEL=7{kernel:3.10.0-|4.2.0-0.21.el7},[ ubuntu=16.04|14.04|12.04 ]
Download URL: https://www.exploit-db.com/download/40611
Comments: For RHEL/CentOS see exact vulnerable versions here: https://access.redhat.com/sites/default/files/rh-cve-2016-5195_5.sh

[+] [CVE-2016-5195] dirtycow 2

Details: https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
Exposure: highly probable
Tags: debian=7|8,RHEL=5|6|7,[ ubuntu=14.04|12.04 ],ubuntu=10.04{kernel:2.6.32-21-generic},ubuntu=16.04{kernel:4.4.0-21-generic}
Download URL: https://www.exploit-db.com/download/40839
ext-url: https://www.exploit-db.com/download/40847
Comments: For RHEL/CentOS see exact vulnerable versions here: https://access.redhat.com/sites/default/files/rh-cve-2016-5195_5.sh

[+] [CVE-2015-1328] overlayfs

Details: http://seclists.org/oss-sec/2015/q2/717
Exposure: highly probable
Tags: [ ubuntu=(12.04|14.04){kernel:3.13.0-(2|3|4|5)-generic} ],ubuntu=(14.10|15.04){kernel:3.(13|16).0--generic}
Download URL: https://www.exploit-db.com/download/37292

I want to try the overlayfs today!

Easy win!
