Context

A vulnerable Terminator themed Linux machine.

Starting hypothesis

Summary:

• Scan ports using nmap
• Use GoBuster to enumerate directories
• Experiment with SMBMap to find Samba shares
• Using enumerated credentials to read emails
• Exploit CMS RFI vulnerability
• Exploit tar wildcards for privilege escalation

Method / Used Tools

Nmap

The first step was to enumerate the target with a service detection scan:

nmap-sV10.129.141.140

The scan revealed six exposed TCP services:

• 22/tcp — SSH (OpenSSH 7.2p2)
• 80/tcp — HTTP (Apache 2.4.18)
• 110/tcp — POP3 (Dovecot pop3d)
• 139/tcp — NetBIOS / SMB