Arctic Box Write-Up

Author: Luke DuCharme
Date Completed: 08 January 2019
Difficulty: Easy
IP: 10.10.10.11
OS: Windows

Enumeration with Nmap:

Port 8500 is the default port for Adobe ColdFusion. When navigating to port 8500 in a web browser, there is an interesting page in the /CFIDE/administrator directory. Use searchsploit to locate possible exploits. There is a Metasploit module for an arbitrary file upload exploit. Pull up the Metasploit Framework and do a search for coldfusion.

The exploit failed because of the server's long response time, so there is a little extra work to be done:

1. Open up Burp Suite and navigate to the Proxy options tab.
2. Add a listener for port 8500 with the "loopback only" option, redirecting to 10.10.10.11 port 8500.
3. Browse to localhost:8500 in a web browser to test the listener. If intercept is on in Burp, make sure to forward the request.
4. Go back to Metasploit, set rhost to 127.0.0.1 and exploit (make sure intercept is on in Burp).
5. In Burp, copy the POST request from the Proxy/Intercept tab to the request side of the Repeater tab, then drop the POST request from the Proxy/Intercept tab.
6. Hit Go on the Repeater tab and send it to 10.10.10.11 port 8500. There should be a 200 response in the response section, along with the directory the payload was uploaded to.
7. Start an ncat listener on port 4444 to catch the callback shell the payload will generate.
8. Navigate to the payload page whose directory was shown in the Burp Repeater response. If something isn't working, make sure Burp isn't intercepting.

Upgrade Shell to Meterpreter with Unicorn:

Follow the above syntax, substituting Unicorn's directory, the IP of the attack box and a random high port. Restart the Metasploit Framework using the options generated by Unicorn. cat the powershell_attack.txt file that Unicorn generated and copy it to the clipboard (make sure to avoid any extra spaces at the beginning or end). Use vi to create exploit.html and paste the PowerShell into it.

Linux Exploit Suggester

Many moons ago I stumbled across a broken script on an incident response job. The hackers had uploaded numerous exploits and scripts in an attempt to compromise a Linux Red Hat server. Among these files was a broken script (that did not work) that would suggest possible exploits given the release version ('uname -r') of the Linux operating system. This gave me an idea: create my own that actually works.

As the name suggests, this is a Linux Exploit Suggester, with no frills and no fancy features, just a simple script to keep track of vulnerabilities and suggest possible exploits to use to gain 'root' on a legitimate penetration test or for a governing examining body.

Actions speak louder than words, so attached is sample output for querying a 2.6.28 kernel:

$ perl ./Linux_Exploit_ -k 2.6.28
Alt: ia32syscall,robert_you_suck CVE-2010-3301

Again, here is similar output for a more modern 3.0.0 kernel:

$ perl ./Linux_Exploit_ -k 3.0.0

The script can be found within our GitHub repository:

It is likely that there are gaps or errors within this script. Feel free to contribute, as this is released under the open-source GPLv2. Unfortunately, in all honesty, it cannot take into account patches or backported patches, so it may yield false positives.