Share
## https://sploitus.com/exploit?id=03C23FE4-5604-5957-BEE4-C02425FE1BF4
# test-task-CVE-2024-25600
Repository for internship test-task. 

### Step 0: Clone this git repo
```
git clone https://github.com/Sibul-Dan-Glokta/test-task-CVE-2024-25600
```

### Step 1: Create docker containers

#### Start Docker daemon

```
sudo systemctl start docker.service
```

#### Start Docker Containers
To start the docker container navigate to the wp_container directory
```
cd path/to/wp_container
```
Start the docker containers
```
sudo docker compose up -d
```

#### (optional) Check if the wordpress page started
The WP site may take roughly 30 seconds to get working properly. To validate if the WP page started issue the following command:
```
curl http://127.0.0.1:8080
```
The output should display HTML code. and no errors


### Step 2: Exploit the website
#### (If necessary) create a python virtual environment
```
python -m venv /path/to/new/virtual/environment
```

#### Install the necessary dependencies
To install the necessary dependencies navigate to the exploit directory and run the following command:
```
path/to/new/virtual/environment/bin/pip install -r requirements.txt
```

#### Run the exploit
While in the exploit directory to run the exploit issue the following command:
```
path/to/new/virtual/environment/bin/python3 exploit.py -u http://127.0.0.1:8080

```
This will crant you access to the server shell as www-data. And you will have access to /etc/passwd.
Output from exploit script and whoami
![alt text](image.png)