Please enable JavaScript.
Coggle requires JavaScript to display documents.
RED 1 - Coggle Diagram
RED 1
PrivEsc (root)
Monitoring
pspy64
Discovery
cron job
/root process
target file
/var/www/wordpress/.git/
Exploit
replace C file
malicious reverse shell
Execution
cron triggers
root execution
Result
root shell
Web Investigation
Website
"Hacked by Red"
backdoor hint
Host Setup
/etc/hosts
redrocks.win
Directory Enum
gobuster
backdoor wordlist
Discovery
NetworkFileManagerPHP.php
Database Secrets
Target File
wp-config.php
PHP Wrapper
base64 encode
read source code
Decode
password string
Clue
"rules are rules"
PrivEsc (ippsec)
sudo -l
/usr/bin/time
as ippsec
Exploit
sudo -u ippsec /usr/bin/time /bin/sh
Result
ippsec shell
Stability
reverse shell
Backdoor Exploit (LFI)
Fuzz Parameter
wfuzz
key parameter
LFI
?key=/etc/passwd
User Discovery
john
ippsec
oxdf
Password Cracking
hashcat
best64.rule
wordlist generation
SSH Attack
hydra
user john
Result
valid password
Recon
netdiscover
find target IP
nmap scan
22 SSH
80 Apache HTTP
SSH Access (john)
login via SSH
port 22
user john
Problem
session drops
annoying script
Flags
user.txt
root.txt