Initial Foothold – Crete Island
Nmap result:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
root@kali:~/Desktop/htb# nmap -sS -sC 10.10.10.83 Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-08 01:25 EDT Nmap scan report for 10.10.10.83 Host is up (0.50s latency). Not shown: 996 closed ports PORT STATE SERVICE 22/tcp filtered ssh 53/tcp open domain | dns-nsid: |_ bind.version: Bind 80/tcp open http |_http-title: Crete island - Olympus HTB 2222/tcp open EtherNetIP-1 Nmap done: 1 IP address (1 host up) scanned in 44.13 seconds |
Port 80 enumeration
– Dirbuster: no interesting page/directory.
– Nikto: found uncommon header xdebug 2.5.5
– Xdebug is an extension for PHP to assist with debugging and development.
– Xdebug < 2.5.5 suffer from unauthenticated os command execution
– Exploit: https://github.com/vulhub/vulhub/blob/master/php/xdebug-rce/exp.py