Proving Grounds: BBSCute

Ryan Yager
May 26, 2023


Today we are going to look at an easy machine, BBSCute, on Proving Grounds. Starting off with a port scan as usual, we find the following:

One thing that stands out to me is port 88, which is usually Kerberos; looking more closely at it, we find it is running a web server:

It returned a 404 Not Found, so we will keep that in the back of our heads. Moving on…

Going to port 80 we see a default Apache page. I always like to try index.html and also index.php, and this time we get a hit with index.php:

At the bottom we can see something about CuteNews; let's see if we can exploit that:

It looks like every exploit requires authentication, so we first need a username and password. Using the last exploit we can get remote code execution, but we do need to change up the file:

Notice the application is not served under a CuteNews path, so we have to point the exploit at index.php and delete cutenews wherever it exists in the exploit itself:

Continuing on we now have RCE:

We use a bash reverse shell to get a full shell on the machine. Continuing:

We can run hping3; at first I tried with sudo, but then I realized that I did not need to:

And we are finished. Thanks for reading, and hopefully you learned something while doing this box.


Written by Ryan Yager

Known on Twitch and YouTube as OvergrownCarrot1 or OGC
