Hi everyone
Today we are going to look for a Box called CVE-2023-40582 which is rated as intermediate in terms of difficulty. This machine has various phases: Recon, Enumeration and Exploitation.
Box Type: Linux
Recon & Enumeration
Enumeration plays a very significant role in pen testing. The more properly you enumerate the more it will be easy to get a foothold on the target.
First, we will check whether target is reachable or not with ping command:
ping Target_IP
With ping command output we found that the target is reachable.
Now let’s move ahead and run the port scan for which we will be using Nmap a popular tool for port scanning and it will provide details of the various ports which are in Open state. The command for that will be:
nmapnmap -sC -sV -O -oA nmap/initial 192.168.126.36
nmap -sC -sV -O -p- -oA nmap/full 192.168.126.36 -T4
I discovered these ports are open:
- 22/tcp – SSH Service running OpenSSH 8.2p1 Ubuntu 4ubuntu0.9 (Ubuntu Linux; protocol 2.0)
- 3000/tcp – HTTP Service running Node.js Express framework
- OS: Linux
Then I went ahead and checked the IP in the web browser with port 3000 and I found a page running says guess the command:
Exploitation
I started the netcat listener:
The above image shows the proof.txt file.
Key Takeaways
- Full enumeration first — version disclosures often lead straight to CVEs.
- Public exploits are a starting point — adapting them is what gets you access.
- Web vulnerabilities need chaining — one weakness alone rarely gives full compromise.
- A basic shell isn’t enough — stabilize early to unlock deeper enumeration.
- Always check sudo & system tools — misconfigurations turn features into exploits.
- If a root-level binary can be influenced, you control the outcome.
- Escalation isn’t complex — it’s identifying trust boundaries and abusing them.
If you enjoyed this post, share it with your friends and colleagues!