ARIA2 WEBUI
OFFSEC - Proving Grounds - AIR
·2962 words·14 mins
OFFSEC PG PRACTICE
ARIA2 WEBUI
CHISEL
SSH-KEYGEN
Aria2 WebUI on port 8888 is vulnerable to path traversal (CVE-2023-39141). Steal deathflash SSH key for initial access, find RPC key, forward port 6800 with chisel, configure app, upload SSH key to root for root access.