https://hussienmisbah.github.io/tags/phishing/ Recent content in Phishing on 0xMesbaha Hugo en Mon, 27 Jun 2022 00:45:19 +0200 https://hussienmisbah.github.io/posts/linux-machines/2022-06-27-napping/ Mon, 27 Jun 2022 00:45:19 +0200 https://hussienmisbah.github.io/posts/linux-machines/2022-06-27-napping/ <p>In This VulnHub Box, we are facing a relatively an interesting vulnerability which is tab-nabbing that will help us phish the admin to get his credentials which we can use to ssh into the Box , From There we can get a reverse shell from adrian user as he is running a cron job which is a python script and we can write into it because we are in the administrators group. and for the root part we have sudo privilege on vim editor.</p> <p>you can download the machine from <a href="https://www.vulnhub.com/entry/napping-101,752/" target="_blank" rel="noopener noreffer ">here</a> we have the description :</p> <p><em>Even Admins can fall asleep on the job</em></p> <p>it indicates that some admin will make a mistake or something but let&rsquo;s Jump in and see ourselves.</p>