Tech Support
This assessment targeted a Linux system exposing web and SMB services. Through enumeration, credential discovery, and CMS exploitation, we achieved remote code execution and escalated privileges to root.
Enumeration
Open ports included SSH, HTTP, and SMB. Directory brute-forcing revealed WordPress and Subrion CMS installations.
SMB Enumeration
Anonymous SMB access exposed a share containing credentials that were later reused for CMS login.
Exploitation
A vulnerable Subrion CMS instance allowed arbitrary file upload. A web shell was uploaded and used to gain remote code execution.

Privilege Escalation
Credential reuse allowed lateral movement, and a misconfigured sudo rule for the `iconv` binary enabled escalation to root.
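
An added example (not part of the original writeup) of how a defender could audit sudoers content for rules like the `iconv` one above: it flags rules that let a non-root user run a file-reading or file-writing program as root. The sample rules, the user names, and every program in the list other than `iconv` are assumptions constructed for illustration.

```python
import os
import re

# Illustrative, non-exhaustive set of programs that read or write arbitrary
# files; only `iconv` comes from the writeup, the rest are assumptions.
FILE_CAPABLE = {"iconv", "tee", "cp", "dd", "cat", "tar", "vim", "less"}

RULE = re.compile(r"^(?P<who>\S+)\s+[^=]+?\s*=\s*(?:\((?P<runas>[^)]*)\))?\s*(?P<cmds>.+)$")
TAG = re.compile(r"^(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV):\s*")

def audit_sudoers(text):
    """Return (line, user, command, nopasswd, any_args) for risky root rules.

    Simplified parser: no alias expansion, line continuations or escaped commas.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue
        m = RULE.match(line)
        if not m or m["who"] == "root" or m["who"].endswith("_Alias"):
            continue
        # With no Runas spec, sudo runs the command as root.
        runas = (m["runas"] or "root").split(":")[0].strip()
        if runas not in ("root", "ALL"):
            continue
        nopasswd = False
        for cmd in m["cmds"].split(","):
            cmd = cmd.strip()
            while (t := TAG.match(cmd)):  # tags carry over to later commands
                if t[1] in ("NOPASSWD", "PASSWD"):
                    nopasswd = t[1] == "NOPASSWD"
                cmd = cmd[t.end():]
            parts = cmd.split()
            if parts and (parts[0] == "ALL" or os.path.basename(parts[0]) in FILE_CAPABLE):
                # A rule with no argument list lets the user pass any arguments.
                findings.append((lineno, m["who"], parts[0], nopasswd, len(parts) == 1))
    return findings

# Constructed sample sudoers content, not taken from the assessed host.
SAMPLE = """\
# constructed sample
Defaults env_reset
root ALL=(ALL:ALL) ALL
svcuser ALL=(root) NOPASSWD: /usr/bin/iconv
backup ALL=(root) /usr/bin/rsync --server *, NOPASSWD: /usr/bin/tee
deploy ALL=(www-data) NOPASSWD: /usr/bin/cat
"""

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE):
        print(finding)
```

Each finding is a rule to remove or to replace with a narrowly scoped wrapper that does not accept caller-chosen file paths.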
Key Takeaways
- SMB shares often leak sensitive data
- Credential reuse enables lateral movement
- Outdated CMS platforms are high-risk
- File upload vulnerabilities lead to RCE
- Sudo misconfigurations can give instant root