Starting off with a quick netdiscover to figure out what IP we’re dealing with:
With no other clear clues on where to go next I’m guessing we will need to figure out a way to get root access on the server and probe around for the 3rd key.
Checking the Linux release + version I come up with this:
Some quick googling and I find a good contender for possible privilege escalation with this version: https://www.exploit-db.com/exploits/37292/
Using this as a guide I configured my browser to use the Burp proxy and tested logging into http://192.168.111.100/wp-login.php with the user ID “testuser” and password “user” so I could easily decipher the HTTP POST request.
While at Defcon last week I picked up a Bash Bunny from the Hak5 booth. I managed to run into both Darren + Shannon also this year and it was cool finally meeting them both in person!
Continue reading “Bash Bunny!”