TryHackMe room link: https://tryhackme.com/room/contrabando
Never tell me the odds.
Our company was excited to release our new product, but a recent attack has forced us to go down for maintenance. They have asked you to conduct a vulnerability assessment to help identify how the attack occurred.
Are you up for it?
In this room you start by exploiting CVE-2023-25690 (HTTP request splitting with mod_rewrite and mod_proxy) to get an initial reverse shell. Inside the machine, you scan the local networks and find a second app running on port 5000. Using Chisel for port forwarding, you can access the app, which has an SSTI vulnerability; this gives a second shell and the user flag. The user password is then recovered from the first script that runs with sudo privileges, and root is obtained from the second script, which is vulnerable because it uses the input() function on Python 2.
Scripts Used:
Commands used on the video: https://github.com/djalilayed/tryhackme/tree/main/contrabando
User password vault: https://github.com/djalilayed/tryhackme/blob/main/contrabando/vault_pass.sh
CVE 2023 25690 – Proof of Concept: https://github.com/dhmosfunk/CVE-2023-25690-POC
CVE-2023-25690: https://github.com/thanhlam-attt/CVE-2023-25690/tree/main
Educational Purpose Only
This content is for educational and authorized penetration testing purposes only. Always ensure you have permission before testing on any systems.