Monday, January 30, 2012

Privilege Escalation Part 1

Today I learned about privilege escalation in my class. Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.
I tried to do privilege escalation against host 192.168.0.21.

First step, I used the Zenmap tool to get information about that host.
From the result above, I know that the victim uses a Linux operating system and has 5 open ports. They are:

  1. Port 22 and the service is SSH
  2. Port 80 and the service is HTTP
  3. Port 139 and the service is Netbios-SSN
  4. Port 445 and the service is Netbios-SSN
  5. Port 10000 and the service is HTTP

After I got this information, I used Nessus to scan that host for vulnerabilities and got a report like this.

From the result above, I know that port 22 has a high risk level. Then I opened the information for the finding with the high risk level, and the report is like this.
From the report above, I got information about a vulnerability: the remote SSH host keys are weak. So I checked it on ExploitDB.

After trying the OpenSSH entries listed there one by one, I couldn't find a way to get a password. So I tried to get a password from another open port. I tried port 10000 because I saw from the Zenmap information that the version on that port was lower than the others.
I tried opening it in the browser first.

So I checked it with Nessus and got information like this.
After that I checked ExploitDB again for Webmin versions below 1.296 and got information like this.
There, I found 2 Webmin entries for versions below 1.290. I looked at the file with a Python extension and found a guide on how to use it.
Then I used it with the command perl 2017.pl 192.168.0.21 10000 /etc/shadow 0 and got something like this.
Wow. I got 4 usernames and passwords.
