Pentester Academy Command Injection ISO basilic 1.5.14 exploit
This writeup is published on infosecinstitute.
Pentester academy has launched a Command Injection ISO virtual image of Ubuntu with lots of real world vulnerable application framework.
Refer the following link for download and information purpose:
1) Kali linux (Bridged or NAT) . My Kali Linux Ip was 192.168.1.102
2) Command Injection ISO (Bridged or NAT). My target IP was 192.168.1.103
Login into command injection ISO with user name securitytube and password 123321 to check for the DHCP ip address allocated or simply do a ping scan (nmap -sn)
Checking out for port 80 on Command Injection ISO (192.168.1.103)
As seen above there are many framework installed for exploitation. I will be working with Basilic 1.5.14 in this blog.
Click on the basilic folder and you can see the following.
Searching for exploit in exploit-db with searchsploit tool in Kali gave me a ruby exploit.
If the language is ruby then I guess it will be present in metasploit.
Searching for exploit in msf framework.
Configure metasploit as shown below:
We have successfully exploited command injection vulnerability in basilic and got www-data privilege on the target.
Now lets us exploit it without metasploit.
Searching for exploit on internet I found the following URl http://www.securityfocus.com/bid/54234/exploit
Due to output encoding of SecurityFocus it seems to be obfuscated. Actual exploit is as follows.
Using the above mentioned exploit for command execution.
We are able to execute system command using file parameter.
Let's get a reverse shell.