Privilege Escalation
Target this time is / etc / shadow in the server, first of all do information gathering, I use nmap, after receiving
information, then we match it with the tools vunlnerability scanner, I use nessus
turned out to open the same port, 22,80,137,139, 445, 10000,
after the scan, a strange looking port :) here we are trying to enter the port 10000 (webmin)
before entering the metasploit, we check first in exploitDB, with the keyword webmin
type the command :
./webmin searchsploit
It turns out there was no exploit, but before we execute, we first copy the home folder first,
platforms/multiple/remote/2017.pl cp / root
why we choose the arbitrary file, because the ability to read the file permissions are beyond our. After the exploit file copied to the home folder and then we execute the command :
perl 2017.pl
contents all options granted last execution.
After getting the password, we copy all the contents of / etc / shadow earlier to a new txt file, with any name, here I save with the name password.txt
crack do with john the ripper to perform the command. Existing picture of this post? for cracking passwords will be continued in my next post,
good luck:)
information, then we match it with the tools vunlnerability scanner, I use nessus
turned out to open the same port, 22,80,137,139, 445, 10000,
after the scan, a strange looking port :) here we are trying to enter the port 10000 (webmin)
before entering the metasploit, we check first in exploitDB, with the keyword webmin
type the command :
./webmin searchsploit
It turns out there was no exploit, but before we execute, we first copy the home folder first,
platforms/multiple/remote/2017.pl cp / root
why we choose the arbitrary file, because the ability to read the file permissions are beyond our. After the exploit file copied to the home folder and then we execute the command :
perl 2017.pl
contents all options granted last execution.
After getting the password, we copy all the contents of / etc / shadow earlier to a new txt file, with any name, here I save with the name password.txt
crack do with john the ripper to perform the command. Existing picture of this post? for cracking passwords will be continued in my next post,
good luck:)
Comments
Post a Comment