Skip to main content

Extplorer

Difficulty: Intermediate

Notes & Methodology
#

Start Here: Service Discovery This includes my mistakes, reasoning, and rabbit holes – it’s not the most direct way to solve the box!

Summary of Findings
#

Vulnerabilities and Suggested Remediation
#

  • Extplorer instance on /filemanager uses default credentials (admin:admin)
    • Change credentials to non-default
  • Extplorer configuration allows read/write access to the entire webroot
    • Use principle of least privilege to scope access
  • Dora has password reuse between extplorer and the host, allowing www-data to access their password hash
    • Use unique passwords between services
  • Dora’s membership in the “disk” allows her to read the root filesystem, including /etc/shadow
    • Don’t grant membership to disk unless necessary, ideally only for administrative users with strong passwords
  • Dora and root use passwords which are weak against dictionary attacks
    • Increase password length or complexity

Flags
#

/home/dora/local.txt: d7d1198f67e8e44cf0a15bc1ac5f8d39
/root/proof.txt: b1a3481469bfd0eec70d42211273a43d

OSCP Note Template and Runbooks
#

This is my checklist of commands and methodologies to use while taking the OSCP. Feel free to use, adapt for your own use, or open a PR with suggestions!

  • Clone the template and copy/rename for each machine
  • Start with ‘Service Discovery’ and move between the other pages as applicable

0001