
Algernon


Last updated 3 years ago


nmap

mkdir nmap
sudo rustscan -a 192.168.96.65 --ulimit 5000 -- -T4 -A -oA nmap/all-ports-service-scan

A web server is listening on port 9998, and there is an interesting service on port 17001.

When I open my browser, the website redirects to a log-in page.

Exploitation

The website is running SmarterMail, and it looks like there's a Remote Code Execution vulnerability we can try.

Let's mirror this exploit to our local machine.

Edit the script: set the HOST variable to the target IP address, set LHOST to your local machine's IP address, and set LPORT to 80.

Set up a reverse shell listener on port 80.

Run the script with python3 49216.py, and you should receive a shell with nt authority\system privileges.