Since DriftingBlues7 was so quick I rolled into DriftingBlues6 and whaddya know - two successful Dirty Cow privescs in two days. What’s the world coming to?
dont forget to add .zip extension to your dir-brute
Okey dokey. It also disallows /textpattern/textpattern.
Presumably this is what we are after?
And why do we need this?
Textpattern CMS 4.8.3
Has an unrestricted file upload vulnerability. I try the python script but it’s not working:
Traceback (most recent call last):
File “/opt/vulnhub/driftingblues6/exploit.py”, line 89, in
scriptJS = soup.find_all("script").string.replace("var textpattern = ", "")[:-2]
AttributeError: 'NoneType' object has no attribute 'replace'
Rather than try to debug this I just use the GUI to upload the PentestMonkey PHP reverse shell then access it at:
Yes, it’s DirtyCow again. Linpeas gives me nothing but linux-exploit-suggester says DirtyCow is probable. Surely I’m not that lucky?
As usual, it hangs at this point. We don’t have SSH so I can’t try that. Let’s kill our shell and start it again, fingers crossed: