https://chiefdennis.github.io/tags/exhibitor-unauthenticated-rce/Recent content in Exhibitor Unauthenticated RCE on Chief Dennis' BlogHugoenSat, 29 Nov 2025 11:00:00 +0100https://chiefdennis.github.io/posts/pelican-walkthrough/Sat, 29 Nov 2025 11:00:00 +0100https://chiefdennis.github.io/posts/pelican-walkthrough/<h2 id="pelican-offsec-walkthrough"> Pelican OffSec Walkthrough <a class="heading-link" href="#pelican-offsec-walkthrough"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p><img src="https://chiefdennis.github.io/posts/pelican-walkthrough/Picture_0.png" alt="image"></p> <p>This walkthrough covers the full exploitation path for the Pelican target, from initial reconnaissance to root compromise and post-exploitation considerations. We focus on service enumeration, misconfigurations, abusing an exposed Exhibitor instance, credential extraction through memory dumping, and privilege escalation.</p> <h3 id="1-reconnaissance"> 1. Reconnaissance <a class="heading-link" href="#1-reconnaissance"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h3> <p>First, a ping is made to verify connection with the machine:</p>