This leads to and appears to allow us to upload a file to be analyzed. However, there is another page found when we take the Service link from the top navigation. The website and its links are largely nonfunctioning. The site appears to be providing a malware analysis service. When we navigate to in our browser we find a website named VirusBucket. We should first go take a look at what is being served by the Tomcat service on port 8080. Our scan shows us that OpenSSH 8.2p1 is running on port 22 and that there is an Apache Tomcat 9.0.27 service running on port 8080. We’ll start by scanning for open TCP ports using the following nmap command. The host allows for containers to utilize the Docker.Sock Unix socket, and we are able to breakout of the container using the Docker API. This allows us to get a shell as the root user on a container that is hosted by the machine. We are then able to get our initial shell and find that the machine is using a stool called SaltStack that is also vulnerable to RCE.
#Apache tomcat 9.0 27 exploit code#
We then find that the machine is vulnerable to CVE-2020-9484 – a vulnerability with insecure deserialization that when paired with Apache PersistenceManager can result in remote code execution. We will start by finding out that there is an Apache Tomcat 9.0.27 deployment running that is hosting a site that allows for uploading files. This machine will be a challenge for many and will require attention to detail and likely a lot of research.
Feline is a Hack the Box machine that is rated Hard on their difficulty scale.
0 kommentar(er)
