Skip links

  • Skip to primary navigation
  • Skip to content
  • Skip to footer
tsustyle
  • Home
  • TryHackMe
  • HackTheBox
  • CTF

    tsustyle

    Aspiring Red Team

    • US
    • Twitter
    • GitHub
    • TryHackMe
    • Hack the Box
    • Linkedin

    GI Joe

    less than 1 minute read

    img

    img

    See GI Joe? CGI?

    jh2i.com:50008/cgi-bin/

    img

    Doing some enumeration lead me to:

    jh2i.com:50008/?-s

    Which allows grabbing of the source code in older versions of PHP

    img

    CVE-2012-1823

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1823

    There’s a metasploit module to speed up this process

    img

    img

    Tags: cgi, CVE-2012-1823, hacktivitycon, metasploit, php

    Categories: Hacktivitycon2020

    Updated: December 29, 2020

    Share on

    Twitter Facebook LinkedIn
    Previous Next

    You may also enjoy

    THM Challenge

    February 11, 2021  

    ‘THM Challenge’ is a WebApp that I wrote to send along with my CV to TryHackMe when they were recruiting Content Engineers

    Granny & Grandpa

    January 27, 2021  

    Granny & Grandpa are a pair of identical easy rated boxes on Hack the Box. We’ll use metasploit to exploit a buffer overflow in IIS 6.0/WebDav for access and a kernel exploit for privesc

    Optimum

    January 25, 2021  

    ‘Optimum’ is an easy rated box on Hack the Box. We’ll exploit a vulnerable version of HttpFileServer for access and use Windows Exploit Suggester to find a kernel exploit for privesc

    Bashed

    January 25, 2021  

    ‘Bashed’ is an easy rated box on Hack the Box. We’ll use gobuster to uncover some hidden directories on a webserver, use a custom bash/php client to gain a shell and exploit a script being run as a cronjob for root

    • Follow:
    • Twitter
    • GitHub
    • Feed
    © 2021 tsustyle. Powered by Jekyll & Minimal Mistakes.