6 box enum chiv manual

# checking nginx server conf files
| only one site is enabled (webapp); requests are passed to uWSGI over a unix socket

chiv@spider:~$ ls -la /etc/nginx/sites-enabled
total 8
drwxr-xr-x 2 root root 4096 May 18 00:23 .
drwxr-xr-x 8 root root 4096 May 18 00:23 ..
lrwxrwxrwx 1 root root   33 Apr 24  2020 webapp -> /etc/nginx/sites-available/webapp
chiv@spider:~$ cat /etc/nginx/sites-available/webapp
server {
    listen 80;
    server_name spider.htb www.spider.htb;

    if ($host != $server_name) {
        return 301 $scheme://$server_name$request_uri;
    }
    location / {
        include uwsgi_params;
        uwsgi_pass unix:/var/www/webapp/webapp.sock;
    }
}

# checking /var/www/
chiv@spider:/var/www$ ls -la
total 20
drwxr-xr-x  5 root root     4096 May 18 00:23 .
drwxr-xr-x 14 root root     4096 May 18 00:23 ..
drw-r--r--  6 root www-data 4096 May 18 00:23 game
drwxr-xr-x  2 root root     4096 May 18 00:23 html
drwxr-xr-x  5 chiv chiv     4096 Oct  7 01:41 webapp

# webapp = what we exploited
# html contains just a default welcome page for nginx
# game = interesting
| mode is drw-r--r-- (root:www-data): as chiv we only have read perms on the directory, no execute (search) bit

chiv@spider:/var/www$ ls -la game/
ls: cannot access 'game/templates': Permission denied
ls: cannot access 'game/__MACOSX': Permission denied
ls: cannot access 'game/__pycache__': Permission denied
ls: cannot access 'game/wsgi.py': Permission denied
ls: cannot access 'game/..': Permission denied
ls: cannot access 'game/.': Permission denied
ls: cannot access 'game/app.py': Permission denied
ls: cannot access 'game/game.ini': Permission denied
ls: cannot access 'game/static': Permission denied
total 0
d????????? ? ? ? ?            ? .
d????????? ? ? ? ?            ? ..
-????????? ? ? ? ?            ? app.py
-????????? ? ? ? ?            ? game.ini
d????????? ? ? ? ?            ? __MACOSX
d????????? ? ? ? ?            ? __pycache__
d????????? ? ? ? ?            ? static
d????????? ? ? ? ?            ? templates
-????????? ? ? ? ?            ? wsgi.py
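# no perms to read files
| read without execute on a directory lets ls list the entry names, but every stat/open on an entry is denied (hence the ????????? fields)
| the names themselves still leak (app.py, wsgi.py, game.ini); a directory meant to be private needs the read bit removed for others too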

# exploring pgp
| nothing in /home/chiv/.gnupg
