
RCE

Found 3 related articles

  • 2024-10-21

    Chemistry - Pymatgen RCE (CVE-2024-23346), SSH Port Forwarding, and aiohttp LFI (CVE-2024-23334)


    Technical writeup detailing the compromise of the Chemistry machine. Initial access (RCE) is gained by exploiting CVE-2024-23346, an arbitrary code execution vulnerability in the pymatgen library via a malicious .CIF file upload, leading to a low-privileged shell. Privilege escalation is achieved by locating hidden credentials in a SQLite database, gaining SSH access, and then using SSH Port Forwarding to access an internal web service. The final step involves exploiting CVE-2024-23334, a critical path traversal vulnerability in aiohttp/3.9.1, to perform Local File Inclusion (LFI) and read the /etc/shadow file for root access.

    HackTheBox RCE CVE-2024-23346 Pymatgen CIF-File-Exploit Reverse-Shell SSH-Port-Forwarding LFI CVE-2024-23334 aiohttp Local-File-Inclusion Linux-Exploitation
  • 2024-10-16

    EvilCUPS - CUPS Vulnerability Chaining (CVEs) and Local Credential Compromise


    Technical writeup detailing the compromise of the EvilCUPS machine. Initial access is achieved by exploiting a chain of CUPS vulnerabilities (including CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177) to gain Remote Code Execution (RCE) as the 'lp' user. Local privilege escalation is then performed by manually enumerating the CUPS spool directory (/var/spool/cups) to extract cleartext credentials for the root user.

    HackTheBox CUPS CVE-Exploitation Vulnerability-Chaining RCE IPP Local-Privesc Linux
  • 2024-10-15

    Source - Webmin 1.890 RCE (CVE-2019-15107) Exploitation


    Technical writeup detailing the immediate compromise of the Source machine by exploiting the Webmin service running on port 10000. The vulnerability leveraged is the unauthenticated Remote Code Execution (RCE) backdoor in Webmin versions 1.882 < 1.921 (CVE-2019-15107). Exploitation is achieved by running a public exploit to gain direct root access and establishing a reverse shell for full system control.

    TryHackMe Webmin Port-10000 CVE-2019-15107 RCE Reverse-Shell Backdoor Root-Access Linux-Exploitation