Tiki

Description ⤵️

💡 Tiki ⤵️

Oh no, our webserver got compromised. The attacker used an 0day, so we don't know how he got into the admin panel. Investigate that.

This is an OSCP Prep Box, it's based on a CVE I recently found. It's on the OSCP lab machines level.

If you need hints contact me on Twitter: S1lky_1337, should work on VirtualBox and VMware.

Let’s find the IP Address first »

IP : 10.0.2.2

Port Scan Results ➡️

OPEN PORTS >
22  SSH
80  HTTP
139 SMB
445 SMB

SMB Enumeration ⤵️

SMB access →

Let's access the notes →

Silky : 51lky571k1

Web Enumeration ⤵️

With the Mail.txt file → I suspected it is a recent exploit, so I searched for it →

Let's use it now →

After removing the $pass=admin part, I forwarded the request and I got it → Admin

Uploaded theshell.php file →

silky : Agy8Y7SPJNXQzqA

Let's try SSH now →

I got into root →

flag.txt → 88d8120f434c3b4221937a8cd0668588

Summary Notes →

→ I cannot say this machine is for OSCP, it was a very easy machine ←

If you have any questions or suggestions, please leave a comment below. Thank you!

This post is licensed under CC BY 4.0 by the author.