I started here:
When your VM is ready you should be able to log in to the admin's panel:
I was ready to switch to BurpProxy but then I saw that this will be a quick 'test' because...
The webapp-shell is already available for you/logged-in as admin user:
I was a little bit disappointed at this stage but I decided to check the app anyway ;)
(Running webserver from root is always some kind of a 'good hint' for me... :> )
(In the meantime I was looking for some other ways to obtain reverse shell, for example:
Running (and we can see revshell to port 4444 on Kali):
So yeah.. Cool feature :) well.
...anyway... ;] )
I started from very first page(s, like Hostname & DNS and so on...) then suddenly found something interesting in the Logs section.
(By the way, this one is good too :
Check it out (Logs):
As you can see some lazy guy was trying to run sqlmap against the VM ;]
...but more interesting for me was:what can we do with that sudo? ;D
(Update: Looks like I forgot to upload this screen ;) Thanks for the email!)
|post-auth RCE poc to check|
Remember to use it only for legal purposes.
In case of the fix: try this page. ;)
* Updated: 10.02.2019 @ 13:23:
When your reverse shell is ready, remember to check sudo -l ;)