Skip to content

Billyboss 🔸

Enumeration

Port 80 has a baget instance

Port 8081 has a nexus repository manager

6

Initial Access

Using nexus:nexus we are in

Now executing the exploit (and changing the ip and cmd inside)

Get the flag

Privilege Escalation

We have seimpersonate privilege but i can't get potatos to work, whoami doesn't work, no valid for proof.

So we get all updates and notice one that is installed by nathan.

We can use this exploit https://github.com/danigargu/CVE-2020-0796

Post Exploitation