6 box enum chiv manual
# checking server conf files
chiv@spider:~$ ls -la /etc/nginx/sites-enabled
total 8
drwxr-xr-x 2 root root 4096 May 18 00:23 .
drwxr-xr-x 8 root root 4096 May 18 00:23 ..
lrwxrwxrwx 1 root root 33 Apr 24 2020 webapp -> /etc/nginx/sites-available/webapp
chiv@spider:~$ cat /etc/nginx/sites-available/webapp
server {
    listen 80;
    server_name spider.htb www.spider.htb;
    if ($host != $server_name) {
        return 301 $scheme://$server_name$request_uri;
    }
    location / {
        include uwsgi_params;
        uwsgi_pass unix:/var/www/webapp/webapp.sock;
    }
}
# checking /var/www/
chiv@spider:/var/www$ ls -la
total 20
drwxr-xr-x 5 root root 4096 May 18 00:23 .
drwxr-xr-x 14 root root 4096 May 18 00:23 ..
drw-r--r-- 6 root www-data 4096 May 18 00:23 game
drwxr-xr-x 2 root root 4096 May 18 00:23 html
drwxr-xr-x 5 chiv chiv 4096 Oct 7 01:41 webapp
# webapp = what we exploited
# html contains just a default welcome page for nginx
# game = interesting
| we only have read perms
chiv@spider:/var/www$ ls -la game/
ls: cannot access 'game/templates': Permission denied
ls: cannot access 'game/__MACOSX': Permission denied
ls: cannot access 'game/__pycache__': Permission denied
ls: cannot access 'game/wsgi.py': Permission denied
ls: cannot access 'game/..': Permission denied
ls: cannot access 'game/.': Permission denied
ls: cannot access 'game/app.py': Permission denied
ls: cannot access 'game/game.ini': Permission denied
ls: cannot access 'game/static': Permission denied
total 0
d????????? ? ? ? ? ? .
d????????? ? ? ? ? ? ..
-????????? ? ? ? ? ? app.py
-????????? ? ? ? ? ? game.ini
d????????? ? ? ? ? ? __MACOSX
d????????? ? ? ? ? ? __pycache__
d????????? ? ? ? ? ? static
d????????? ? ? ? ? ? templates
-????????? ? ? ? ? ? wsgi.py
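# no perms to read files: game/ has the read bit but no execute (search) bit for us, so entry names are listed but every stat/open is denied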
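# added example (not part of the original notes): an audit an admin could run over a web root to find directories like game/ above, where group or other has r but not x, so file names leak even though contents stay unreadable. The function name audit_dir_modes is hypothetical; only POSIX find and ls are assumed.

```shell
#!/bin/sh
# Added example: flag directories whose group or other class has the read bit
# but not the search (execute) bit, e.g. drw-r--r-- as on /var/www/game.
# Such a mode is almost always a chmod mistake: the class can list entry
# names (app.py, game.ini, ...) but cannot stat or open any of them.

# audit_dir_modes ROOT
# Prints one line per affected class and directory: "<class><TAB><ls -ld line>".
# Only mode bits are inspected, so the result is the same for any caller that
# is able to walk the tree (run it as root for full coverage).
audit_dir_modes() {
    root=$1
    # class:read-bit:search-bit, octal masks for find -perm
    for spec in group:040:010 other:004:001; do
        class=${spec%%:*}
        bits=${spec#*:}
        rbit=${bits%%:*}
        xbit=${bits#*:}
        # -perm -MASK matches when every bit in MASK is set.
        # Errors from subtrees the caller cannot enter are discarded.
        find "$root" -type d -perm -"$rbit" ! -perm -"$xbit" -print 2>/dev/null |
        while IFS= read -r dir; do
            # Paths containing newlines are not handled (assumption: none exist).
            printf '%s\t%s\n' "$class" "$(ls -ld "$dir")"
        done
    done
}

# Stand-alone use: sh audit.sh /var/www
if [ "$#" -ge 1 ]; then
    audit_dir_modes "$1"
fi
```

# a hit is fixed by deciding intent: remove r for that class if the directory is meant to be private, or add x if it is meant to be browsable.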
# exploring pgp
| nothing in /home/chiv/.gnupg