HackMyVm Driftingblues7 Walkthrough

https://hackmyvm.eu/machines/machine.php?vm=Driftingblues7


Scan ports.

nmap -sV -sC -p- 192.168.56.99  -oN ports.log


Check port 80: it redirects to port 443, which serves the EyesOfNetwork app login panel.


Scan port 66 for directories and files.

gobuster dir -u http://192.168.56.99:66 -t 10  -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt  -x .html,.php,.txt,.bak,.zip -b 401,403,404,500 --wildcard  -o 66.log


Check the eon file: it is base64 text, and it decodes to a zip file.


Download eon, base64-decode it into a zip file, and brute-force the zip password.

wget -O -  http://192.168.56.99:66/eon | base64 -d > eon.zip
...
fcrackzip -u -D -p /usr/share/wordlists/rock_ascii.txt eon.zip
PASSWORD FOUND!!!!: pw == killah
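
The eon file above was a password-protected zip left on a web server behind a layer of base64. As an added example (not part of the original walkthrough), this sketch lets a defender triage files in a web root the same way: it detects base64 text that wraps a ZIP and reports how each entry is protected. The function names and the sample archive are constructed for illustration.

```python
import base64, binascii, io, zipfile

ZIP_MAGIC = b"PK\x03\x04"   # local file header signature
AES_METHOD = 99             # WinZip AES marker in the compression-method field

def triage_blob(data: bytes) -> dict:
    """Report whether a served file is base64 text wrapping a ZIP, and how entries are protected."""
    report = {"base64_zip": False, "entries": []}
    try:
        raw = base64.b64decode(b"".join(data.split()), validate=True)
    except (binascii.Error, ValueError):
        return report                      # not base64 at all
    if not raw.startswith(ZIP_MAGIC):
        return report                      # base64, but not a ZIP
    report["base64_zip"] = True
    try:
        with zipfile.ZipFile(io.BytesIO(raw)) as zf:
            for info in zf.infolist():
                if not info.flag_bits & 0x1:   # bit 0 of the general-purpose flags = encrypted
                    protection = "none"
                elif info.compress_type == AES_METHOD:
                    protection = "aes"
                else:
                    protection = "zipcrypto"   # legacy PKZIP password encryption
                report["entries"].append((info.filename, protection))
    except zipfile.BadZipFile:
        pass                               # ZIP magic but truncated or corrupt archive
    return report

def constructed_sample(encrypted: bool) -> bytes:
    """Build a constructed base64-wrapped ZIP; optionally set the 'encrypted' flag bit."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("creds.txt", "placeholder")
    raw = bytearray(buf.getvalue())
    if encrypted:
        cd = raw.index(b"PK\x01\x02")      # central directory header
        raw[cd + 8] |= 0x1                 # flags field sits at offset 8
    return base64.encodebytes(bytes(raw))

if __name__ == "__main__":
    for flag in (False, True):
        print(triage_blob(constructed_sample(flag)))
```

Any entry reported as "none" or "zipcrypto" in a publicly served file should be treated as exposed, since the archive password is the only barrier and it can be guessed offline.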

Get credentials of EyesOfNetwork.


Search online for EyesOfNetwork 5.3 exploits.

https://www.exploit-db.com/exploits/48025


Download the PoC and modify the code to log in directly with the creds we found.


Run the code and get root directly.
