Post

Ide

Ide

Ide

πŸ” Port Scanning & FTP Enumeration

πŸ•΅οΈ First, run an nmap scan: Pasted image 20260607194625.png Pasted image 20260607195546.png Pasted image 20260607202453.png

πŸ’» As you can see, it is running Codiad 2.8.4. I searched for vulnerabilities, but we need login credentials to exploit them. Therefore, I checked the FTP server as an anonymous user first: Pasted image 20260607201544.png

πŸ“‚ As you can see, there is a file inside the FTP directory named .... Pasted image 20260607201721.png Pasted image 20260607201745.png

πŸ”‘ The username is john, but we don’t know the password yet. So, I brute-forced it using Caido: Pasted image 20260607202401.png The password is password.

πŸ•΅οΈ Codiad Exploitation

πŸ’‘ Now that we have the credentials, let’s try the exploit. I downloaded the exploit code from Exploitdb:

Pasted image 20260607203619.png

⚑ As you can see, I got a shell. You need to run both commands they provided: Pasted image 20260607210745.png

⚑ SSH & Privilege Escalation

πŸ“Œ I then used that password to SSH as user drac: Pasted image 20260607210931.png

Pasted image 20260607212844.png

πŸ› οΈ Then, I edited the service file: Pasted image 20260607213208.png Pasted image 20260607213222.png Pasted image 20260607215159.png Pasted image 20260607215218.png Pasted image 20260607215253.png

This post is licensed under CC BY 4.0 by the author.