Posts

Showing posts from March, 2020

five86: 1 Walkthrough

Image
five86: 1 Walkthrough Netdiscover- Nmap- Running OpenNetAdmin Service on Port 80- Found Command Injection Exploit of Exploit-DB- https://www.exploit-db.com/download/47772 Downloaded the file using wget and changed the file name to .rb file. Next copied to Metasploit exploits directory as- cp 47772.rb /usr/share/metasploit-framework/modules/exploits/ Using msfconsole with the above module as- Setting up LHOST and RHOST- Running the Exploit-(Found Low Privilege shell)- Enumerating the Directory- Accessing .htpasswd file- Found Douglas hash in the .htpasswd file- So, I found that the password is a 10-character “aefhrt” string, so you’ll need to prepare a 10-character long password dictionary. Here we use crunch to create the dictionary and execute the following command to follow the pattern of the password as the author has said. Used Crunch- Usage: crunch <min> <max> [options] Getting Has...

Nmap Scan Script -Vulnerability Scan

Image
Nmap Scan Script -Vulnerability Scan sudo git clone https://github.com/scipag/vulscan.git kali@kali:/usr/share/nmap/scripts$ sudo chmod +x vulscan/ kali@kali:/usr/share/nmap/scripts/vulscan$ sudo chmod +x * cd .. kali@kali:/usr/share/nmap/scripts$ sudo git clone https://github.com/vulnersCom/nmap-vulners.git kali@kali:/usr/share/nmap/scripts$ cd nmap-vulners/ kali@kali:/usr/share/nmap/scripts/nmap-vulners$ sudo chmod +x * kali@kali:/usr/share/nmap/scripts/nmap-vulners$ nmap --script vulscan,nmap-vulners -sV localhost Thanks!!