Persecure : my learning archive

PNPT : Black Pearl

Overview

  • Enumerate to find a virtual host
  • Find the Navigate CMS exploit
  • Use SUID exploit to gain root

Enumeration

Run nmap scan to find for open ports.

Run a gobuster scan to find for hidden directories.

Port 80

/secret

DNS Enumeration

/navigate

Foothold

Use metasploit to gain a shell.

Transfer linpeas to find more clues.

Seems like we can exploit some permissions.

Privilege escalation

Check GTFObins for SUID exploits.

Root is gained.

Create a website or blog at WordPress.com