Target from: CVE Network
Advanced, Rootable
CVE-2018-11776 / 0.0.0.0
5: Flags (other, 2:system, env, root)
2: Services
1,500 pts
Level 7 / Senior Securitas
ElleuchX1 / 299th Place
5: Flags found
2: Services discovered
1,500 pts
201 minutes
This is a target with direct implementation of the CVE-2018-11776 for Apache Struts 2.3.34/2.5.16 and is here to assist in developing exploits for this vulnerability.
Description
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin).
Environment details
The system is accessible at 10.0.200.169 and runs Apache Tomcat on port 8080/tcp.
8009/tcp. Flags can be found at:
/root/ETSCTF/etc/passwdgecos/etc/shadowpassword hashenvvariablehttp://10.0.200.169:8080/ETSCTF.htmlurl which is also available under/usr/local/tomcat/webapps/ROOT/ETSCTF.html
NOTE: The target IS exploitable, you just need to try harder!!
19 Headshots (newer first)
M4sk0ff, Dych0t0m0us, AshBorn77, kobbycber, jaxafed, PufferOverflow, Muzec, Grosik, JDgodd, ElleuchX1, hacker, Pegasus, biba22, sn1per, r0b0tG4nG, TheCyberGeek, AKMalware, abosaif, hitmanalharbi