Privilege Escalation

Target this time is / etc / shadow in the server, first of all do information gathering, I use nmap, after receiving
information, then we match it with the tools vunlnerability scanner, I use nessus







turned out to open the same port, 22,80,137,139, 445, 10000,
after the scan, a strange looking port :) here we are trying to enter the port 10000 (webmin)  




before entering the metasploit, we check first in exploitDB, with the keyword webmin

type the command


./webmin searchsploit

It turns out there was no exploit, but before we execute, we first copy the home folder first,
 
platforms/multiple/remote/2017.pl cp / root

 
why we choose the arbitrary file, because the ability to read the file permissions are beyond our.
After the exploit file copied to the home folder and then we execute the command :

perl 2017.pl
 

contents all options granted last execution.





After getting the password, we copy all the contents of / etc / shadow earlier to a new txt file, with any name, here I save with the name password.txt
crack do with john the ripper to perform the command.
Existing picture of this post? for cracking passwords will be continued in my next post,

good luck:)



 

Comments

Popular posts from this blog

Introduction Maltego

EXE file structure