Tonight I attempted a boot2root creation. I’ve sourced the vulnerable software and am laying out my path. There is one huge problem though.
For whatever reason, while watching TV, I fat-fingered the password for MariaDB/SQL after the install on the initial config. I ran through a couple of password resets that didn’t work, that’s fine. It’s really not that serious and I didn’t have a DB to recover anyway. I’ll just reinstall and execute mysql_secure_installation tomorrow. So… Guess I’ll be going to sleep now. The good news is that I have a snapshot bringing me back to where I left off.
Update! I’ve completed the broken app install for the initial foothold. Now, I need to decide what the external entry vector will be. Stay tuned, I’m gonna break something.
Final update: No dice! After spending hours on the machine, the vulnerability I had was an XSS exploit for the search field in the webapp. I was unable to get a callback due to input sanitization. The original method was to be able to upload a reverse shell. I even encoded the payload with MSFvenom, no cookies. All in all, I learned some things. I will choose a different vulnerable software and try it again.