PG Nickel
The ports of nmap have come to this. The ports are getting too long for me to write down now. I'll have to memorize the (paste -d, -s) part. AWK is comfortable for me.
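The awk and `paste -d, -s` step mentioned above, as an added example that is not part of the original post: it turns nmap normal (`-oN`) or greppable (`-oG`) output into one comma-separated list of open TCP ports. The function name `open_ports` and both sample inputs are constructed for illustration; the open ports match the table in this post.

```shell
#!/bin/sh
# Added example (not from the original post): list open TCP ports from nmap
# output as one comma-separated line, using awk and paste -s -d,.
# Reads nmap normal (-oN) or greppable (-oG) output on stdin.
open_ports() {
    awk '
        # Normal output row, e.g. "8089/tcp  open  http"
        /^[0-9]+\/tcp/ && $2 == "open" { split($1, p, "/"); print p[1]; next }
        # Greppable row: "Host: ...<TAB>Ports: 21/open/tcp//ftp///, ...<TAB>..."
        /Ports: / {
            sub(/.*Ports: /, "")   # keep only the port list
            sub(/\t.*/, "")        # drop trailing tab-separated fields
            n = split($0, entry, ", ")
            for (i = 1; i <= n; i++) {
                split(entry[i], f, "/")
                if (f[2] == "open" && f[3] == "tcp") print f[1]
            }
        }
    ' | sort -n -u | paste -s -d, -
}

# Constructed sample, normal format; the filtered port is made up to show filtering.
sample_normal() {
    cat <<'EOF'
PORT      STATE    SERVICE
21/tcp    open     ftp
22/tcp    open     ssh
135/tcp   open     msrpc
139/tcp   open     netbios-ssn
445/tcp   filtered microsoft-ds
3389/tcp  open     ms-wbt-server
8089/tcp  open     unknown
33333/tcp open     unknown
EOF
}

# Constructed sample, greppable format (fields are tab-separated).
sample_grepable() {
    printf 'Host: 192.168.232.99 ()\tPorts: 21/open/tcp//ftp///, 445/filtered/tcp//microsoft-ds///, 8089/open/tcp/////\tIgnored State: closed (997)\n'
}

sample_normal | open_ports      # 21,22,135,139,3389,8089,33333
sample_grepable | open_ports    # 21,8089
```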
21 | FTP | FileZilla Server 0.9.60 beta | No vulns
22 | SSH | OpenSSH for_Windows_8.1 (protocol 2.0) | No vulns
135 | RPC | Nothing interesting in rpcdump.py.
139 | SMB | srs.sys MS90-050 not working.
3389 | Remote Desktop | Can't connect. No known vulns.
8089 | CSRF vuln showing in nmap. Strange links to internal IP address.
33333 | CSRF vuln showing in nmap. Invalid token.

Vuln must be in 8089 and 33,333
At first, I think this must be some CSRF vuln. I play around with the IP address to get it to 192.168.232.99. I go to 33333 itself and enter the /list-running-procs. I change up the HTTP methods. I look up some here: https://doc.oroinc.com/api/http-methods/ . As a developer, you can code for these methods however you want.
I enter in "POST" for the URI /list-running-procs. That returns something. The SSH line looks like the way in.
I learned my lesson from the last box and looked more closely at out-of-place folders. The C:\FTP had an Infrastructure.pdf, so I took it. It was password protected.
Unrelated Lessons Learned
- Found out where to download exe for winPEAS
- Rediscovered certutil
- Rediscovered netcat file transfers
Need to Do
- plink.exe and ssh port forwarding did not work. Access Denied
- Relearn this ^
- Relearn accesschk and icacls
- Relearn scp