PWNKIT
OFFSEC - Proving Grounds - WALLA
·1812 words·9 mins
OFFSEC PG PRACTICE
WFUZZ
PWNKIT
WFUZZ login credentials on port 8091, exploited RaspAP 2.5, CVE-2020-24572, then gained root via PwnKit.
OFFSEC - Proving Grounds - EXFILTRATED
·2597 words·13 mins
OSCP
OFFSEC PG PRACTICE
SUBRION CMS
PWNKIT
EXIFTOOL
SSH or Subrion CMS 4.2.1 file upload for access. Run linpeas to find CVE-2021-4034 (PwnKit) & cronjob with exiftool (CVE-2021-22204) for root.