Post

DJINN 3

Posted Updated
DJINN 3 Machine 🖥️
DJINN 3 Machine 🖥️
By Shivendra Prajapati 1 min read

Description ⤵️

💡 DJINN-3

  • Level: Intermediate
  • flags: root.txt
  • Description: The machine is VirtualBox as well as VMWare compatible. The DHCP will assign an IP automatically. You’ll see the IP right on the login screen. You have to read the root flag.

Let’s find the IP Address first »

167-1.png

1

IP : 10.0.2.20

Port Scan Results ➡️

167-2.png

1
2
3
4
5

OPEN PORTS >
22     SSH
80     HTTP
5000   HTTP
31337  Elite?

Web Enumeration ⤵️

167-3.png

167-4.png

So the port 31337 is for netcat connection → I guess the username & password as guest,guest and I got in →

167-5.png

Now lets check for SSTI vulnerability →

167-6.png

167-7.png

So I guess we have SSTI vulnerability so lets exploit →

Since my payload land into jinja catagory of SSTI so →

167-8.png

167-9.png

So After using this payload I got respanse as →

167-10.png

So now lets for a reverse shell out of this →

167-11.png

167-12.png

SHELL ➡️

167-13.png

Now I have used one exploit to counter this linux machine →

And this time I exploited the sudo version →

167-14.png

URL → https://github.com/worawit/CVE-2021-3156

167-15.png

Now lets use the exploit_nss.py exploit →

167-16.png

167-17.png

If you have any questions or suggestions, please leave a comment below. Thank You !

Proving Grounds Play
Public Exploit SSTI PrivEsc
This post is licensed under CC BY 4.0 by the author.