=======================================================

Wednesday, September 12, 2012

PRIVILAGE ESCALATION -- SECTION 1

Mission
  • Search account which registered on server.
Information Gathering
==> Scan with Nmap >>> # nmap -A -sn 192.168.56.0/24

 Result:
  • IP Target ==> 192.168.56.101
  • Open Ports ==> 22 ; 80 ; 139 ; 445 ; 10000
Try to open on browser => http://192.168.56.101 and using port 10000 => http://192.168.56.101:10000


Services Enumeration
 With command == > # nmap -A 192.168.56.101

Result :
  • Services which running on system ==> Openssh ; Apache ; Samba ; Webmin
  • OS using linux 2.6.22
Vulnerability Assesment
Using Nessus :

Possibility of Vulnerable :
  • SSH ==> Port 22
  • Samba ==> Port 445
  • Webmin ==> Port 10000
Search Attack to target from exploitdb :
Exploit/Pentest

Using exploitdb ==> multiple/remote/2017.pl
To running ==> Usage: platforms/multiple/remote/2017.pl <url> <port> <filename> <target>
TARGETS are
 0  - > HTTP
 1  - > HTTPS
Define full path with file name
Example: ./webmin.pl blah.com 10000 /etc/passwd

Result :

See the account which register on system but is still encrypted ==> Use John the ripper ==> On next section.

==========================================================================
==========================================================================
Time

No comments:

Post a Comment

Subscribe to: Post Comments (Atom) 

==========================================================================
==========================================================================
                                                                
IIIIIIIIII   SSSSSSSSSSSSSSS  222222222222222           CCCCCCCCCCCCC
I::::::::I SS:::::::::::::::S2:::::::::::::::22      CCC::::::::::::C
I::::::::IS:::::SSSSSS::::::S2::::::222222:::::2   CC:::::::::::::::C
II::::::IIS:::::S     SSSSSSS2222222     2:::::2  C:::::CCCCCCCC::::C
  I::::I  S:::::S                        2:::::2 C:::::C       CCCCCC
  I::::I  S:::::S                        2:::::2C:::::C              
  I::::I   S::::SSSS                  2222::::2 C:::::C              
  I::::I    SS::::::SSSSS        22222::::::22  C:::::C              
  I::::I      SSS::::::::SS    22::::::::222    C:::::C              
  I::::I         SSSSSS::::S  2:::::22222       C:::::C              
  I::::I              S:::::S2:::::2            C:::::C              
  I::::I              S:::::S2:::::2             C:::::C       CCCCCC
II::::::IISSSSSSS     S:::::S2:::::2       222222 C:::::CCCCCCCC::::C
I::::::::IS::::::SSSSSS:::::S2::::::2222222:::::2  CC:::::::::::::::C
I::::::::IS:::::::::::::::SS 2::::::::::::::::::2    CCC::::::::::::C
IIIIIIIIII SSSSSSSSSSSSSSS   22222222222222222222       CCCCCCCCCCCCC
                                                                   
==========================================================================
==========================================================================

My Classmate

Show All 

==========================================================================
        (        )      )          (    (           (     
  *   ) )\ )  ( /(   ( /(   (      )\ ) )\ )        )\ )  
` )  /((()/(  )\())  )\())  )\    (()/((()/(   (   (()/(  
 ( )(_))/(_))((_)\  ((_)\((((_)(   /(_))/(_))  )\   /(_)) 
(_(_())(_)) __ ((_)  _((_))\ _ )\ (_)) (_))_  ((_) (_))   
|_   _|| _ \\ \ / / | || |(_)_\(_)| _ \ |   \ | __|| _ \  
  | |  |   / \ V /  | __ | / _ \  |   / | |) || _| |   /  
  |_|  |_|_\  |_|   |_||_|/_/ \_\ |_|_\ |___/ |___||_|_\  
                                                         
==========================================================================