This is rather be a quick post and intended to be a reference note for me (and you all).
Recently, I exploited a vulnerability to gain shell of the remote system. Yeah, this is remotely over SSH connection..:) The pre-requisites are:
1. Remote server must have SSH service running.
2. Remote server must have vagrant module installed.
3. Support key based authentication.
To detect server has vagrant module installed, browse http://example.com/vagrantfile. This should give you a pop-up to download a file. Refer here for vagrantfile info.
When vagrant is installed on the box, it creates a default user called vagrant with www rights and accepts incoming connections for the user vagrant having valid keys. The keys are known and can be downloaded from here. To exploit, replace these keys with your public and private keys or use below command:
ssh -i <key_files> vagrant@<remote_server_ip>
And here you go, you gain access to shell instantly and own the box...:)
Happy testing and hacking!!!
Join our newsletter today and enhance your knowledge with valuable insights. It's quick, easy, and free!