CVE-2023-6019
Overview
- OS: Linux
- IP: 192.168.143.37
- Difficulty: Intermediate
- Platform: OffSec
- OSCP: Yes
- Lists: N/A
Summary
Man, this was literally the title and 1 click. How is it intermediate?
Loot
| Loot | |
|---|---|
| Category | Details |
| Usernames | |
| Passwords | |
| Usernames+Passwords | |
| Hashes | |
| Service Versions | |
Enumeration
Nmap
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.9 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 62:36:1a:5c:d3:e3:7b:e1:70:f8:a3:b3:1c:4c:24:38 (RSA)
| 256 ee:25:fc:23:66:05:c0:c1:ec:47:c6:bb:00:c7:4f:53 (ECDSA)
|_ 256 83:5c:51:ac:32:e5:3a:21:7c:f6:c2:cd:93:68:58:d8 (ED25519)
9000/tcp open http aiohttp 3.9.1 (Python 3.8)
|_http-title: Ray Dashboard
|_http-server-header: Python/3.8 aiohttp/3.9.1
36373/tcp open grpc
36977/tcp open grpc
37729/tcp open grpc
38015/tcp open unknown
38811/tcp open grpc
41230/tcp open http WSGIServer 0.2 (Python 3.8.10)
|_http-server-header: WSGIServer/0.2 CPython/3.8.10
|_http-title: Site doesn't have a title (text/plain; version=0.0.4; charset=utf-8).
|_http-trane-info: Problem with XML parsing of /evox/about
44217/tcp open http WSGIServer 0.2 (Python 3.8.10)
|_http-server-header: WSGIServer/0.2 CPython/3.8.10
|_http-title: Site doesn't have a title (text/plain; version=0.0.4; charset=utf-8).
44227/tcp open http WSGIServer 0.2 (Python 3.8.10)
|_http-server-header: WSGIServer/0.2 CPython/3.8.10
|_http-title: Site doesn't have a title (text/plain; version=0.0.4; charset=utf-8).
|_http-trane-info: Problem with XML parsing of /evox/about
46711/tcp open grpc
52365/tcp open http aiohttp 3.9.1 (Python 3.8)
|_http-server-header: Python/3.8 aiohttp/3.9.1
|_http-title: Site doesn't have a title (text/plain; charset=utf-8).
59137/tcp open unknown
59484/tcp open grpc
Dirbusting
Port 80
Exploitation
Once the primitive was confirmed, I converted it into a stable foothold and chained it forward.



