Backdoor Writeup by evyatar9

Read my writeup of the Backdoor machine on:


User: Running wpscan revealed an LFI vulnerability in the Ebook PHP plugin. Using it, we can read the file /proc/sched_debug, which lists running tasks and their PIDs, and then enumerate /proc/{PID}/cmdline for each PID. Reading the cmdline of PID 817 showed that gdbserver, which has an RCE vulnerability, is listening on port 1337; using that, we get a reverse shell as user.

Root: Found a root screen session; we attach to it by running screen -x root/root.
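
Seen from the defender's side, the /proc reads in the User step leave a distinctive trail in web access logs. The following is an added example, not part of the original writeup, that flags clients requesting /proc/sched_debug or sweeping /proc/{PID}/cmdline through query parameters; the log lines, plugin path and "file" parameter are constructed placeholders.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote, urlsplit

# Combined-log-format request line: client IP and request target.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
CMDLINE = re.compile(r"/proc/(\d+)/cmdline")

# Constructed sample log. The plugin path and "file" parameter are hypothetical
# placeholders, not the real plugin's endpoint.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2022:10:00:01 +0000] "GET /wp-content/plugins/example/dl.php?file=../../../../proc/sched_debug HTTP/1.1" 200 51234
203.0.113.7 - - [01/Jan/2022:10:00:02 +0000] "GET /wp-content/plugins/example/dl.php?file=/proc/815/cmdline HTTP/1.1" 200 120
203.0.113.7 - - [01/Jan/2022:10:00:02 +0000] "GET /wp-content/plugins/example/dl.php?file=%252Fproc%252F816%252Fcmdline HTTP/1.1" 200 98
203.0.113.7 - - [01/Jan/2022:10:00:03 +0000] "GET /wp-content/plugins/example/dl.php?file=..%2F..%2Fproc%2F817%2Fcmdline HTTP/1.1" 200 143
198.51.100.20 - - [01/Jan/2022:10:00:04 +0000] "GET /index.php?p=12 HTTP/1.1" 200 8021
198.51.100.33 - - [01/Jan/2022:10:00:05 +0000] "GET /wp-content/plugins/example/dl.php?file=proc-notes.pdf HTTP/1.1" 200 40960
"""


def proc_reads(log_text):
    """Map client IP -> which /proc files it requested through query parameters."""
    seen = defaultdict(lambda: {"sched_debug": False, "pids": set()})
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target = m.groups()
        for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            value = unquote(value)  # parse_qsl decoded once; decode again for double encoding
            if "/proc/sched_debug" in value:
                seen[ip]["sched_debug"] = True
            for pid in CMDLINE.findall(value):
                seen[ip]["pids"].add(int(pid))
    return dict(seen)


def flag_enumeration(log_text, min_pids=3):
    """Return IPs that read sched_debug or swept at least min_pids cmdline files."""
    return sorted(
        ip for ip, r in proc_reads(log_text).items()
        if r["sched_debug"] or len(r["pids"]) >= min_pids
    )


if __name__ == "__main__":
    for ip in flag_enumeration(SAMPLE_LOG):
        print(ip, proc_reads(SAMPLE_LOG)[ip])
```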