

AuthBy


Last updated 3 years ago


nmap

mkdir nmap
sudo rustscan -a 192.168.118.46 --ulimit 5000 -- -A -oA nmap/all-ports-service-scan 

Open ports: 21 (FTP) and 242 (HTTP).

Enumeration

Visiting the HTTP server on port 242 prompts for Basic Authentication.

On FTP, logging in as anonymous seems to work.

I tried downloading the files but it seems I don't have read permission.

Looking at the directories, there's a folder called accounts.

If I had to guess, these files are named after the usernames allowed to access this server.

Let's try logging in with admin as both the username and the password. It works, and there are 3 interesting files in this user's account.

First, let's download all of these files on our local machine.

wget -r ftp://admin:admin@target-ip-address/

One of the files in there is called .htpasswd, and it contains a username and a hashed password.

offsec:$apr1$oRfRsc/K$UpYpplHDlaemqseM39Ugg0

Let's crack this using john.

We can also upload to the FTP server. I'm guessing this means the FTP directory is the directory the website is served from. We can leverage this by uploading a PHP reverse shell via FTP and triggering it by visiting the page with the credentials we cracked using john.
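To show why an .htpasswd file left readable over FTP is such a problem, here is an added audit script (example code, not part of the original writeup) that re-implements Apache's $apr1$ scheme in pure Python and checks each entry against a deny-list of banned passwords. The offsec entry is the hash from above; the demo entry, its salt abcdefgh and the deny-list are constructed for the example. apr1 is 1000 rounds of MD5 with no memory hardness, which is exactly why john gets through weak passwords quickly; only bcrypt entries (htpasswd -B) are reported as a non-weak scheme here.

```python
"""Audit an .htpasswd file for weak hash schemes and deny-listed passwords.

Added example, not from the writeup. Re-implements Apache's $apr1$ hash
(the MD5-crypt algorithm with the "$apr1$" magic) so entries can be
checked offline. The demo entry and the deny-list are constructed.
"""
import hashlib
import hmac
import re

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
APR1_RE = re.compile(r"^\$apr1\$([./0-9A-Za-z]{1,8})\$([./0-9A-Za-z]{22})$")


def _to64(value: int, count: int) -> str:
    """crypt(3)-style base64: 6 bits per character, least significant first."""
    out = []
    for _ in range(count):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return "".join(out)


def apr1_hash(password: str, salt: str) -> str:
    """Compute "$apr1$<salt>$<22 chars>" for a password and (max 8 char) salt."""
    pw = password.encode()
    salt = salt[:8]
    sb = salt.encode()
    magic = b"$apr1$"

    ctx = hashlib.md5(pw + magic + sb)
    alt = hashlib.md5(pw + sb + pw).digest()
    for i in range(len(pw)):              # one byte of the alternate digest per password byte
        ctx.update(alt[i % 16:i % 16 + 1])
    i = len(pw)
    while i:                              # classic bit-pattern step: NUL or first password byte
        ctx.update(b"\0" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()

    for r in range(1000):                 # stretching rounds; cheap enough for offline cracking
        ctx = hashlib.md5()
        ctx.update(pw if r & 1 else final)
        if r % 3:
            ctx.update(sb)
        if r % 7:
            ctx.update(pw)
        ctx.update(final if r & 1 else pw)
        final = ctx.digest()

    encoded = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        encoded += _to64((final[a] << 16) | (final[b] << 8) | final[c], 4)
    encoded += _to64(final[11], 2)
    return f"$apr1${salt}${encoded}"


def apr1_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    m = APR1_RE.match(stored)
    if not m:
        return False
    return hmac.compare_digest(apr1_hash(password, m.group(1)), stored)


def parse_htpasswd(text: str) -> list:
    """Return (user, stored_hash) pairs, skipping blanks and comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, stored = line.split(":", 1)
        entries.append((user, stored))
    return entries


def classify(stored: str) -> str:
    """Identify the htpasswd scheme from its prefix."""
    if stored.startswith("$apr1$"):
        return "apr1"
    if stored.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"
    if stored.startswith("{SHA}"):
        return "sha1"
    if re.fullmatch(r"[./0-9A-Za-z]{13}", stored):
        return "crypt"
    return "plain-or-unknown"


def audit(htpasswd_text: str, denylist) -> list:
    """One finding per entry: scheme, whether it is weak, and any deny-list hit."""
    findings = []
    for user, stored in parse_htpasswd(htpasswd_text):
        scheme = classify(stored)
        hit = None
        if scheme == "apr1":
            hit = next((p for p in denylist if apr1_verify(p, stored)), None)
        findings.append({"user": user, "scheme": scheme,
                         "weak_scheme": scheme != "bcrypt", "denied_password": hit})
    return findings


WRITEUP_ENTRY = "offsec:$apr1$oRfRsc/K$UpYpplHDlaemqseM39Ugg0"   # hash from the writeup
DEMO_ENTRY = "demo:" + apr1_hash("password", "abcdefgh")         # constructed weak entry
SAMPLE_HTPASSWD = WRITEUP_ENTRY + "\n" + DEMO_ENTRY + "\n"
DENYLIST = ["123456", "password", "admin"]                        # constructed deny-list

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTPASSWD, DENYLIST):
        print(finding)
```

The deny-list check is deliberately tiny; the point is that every candidate costs only 1000 MD5 operations, so a real wordlist run (what john does with this hash) is a matter of seconds on commodity hardware. The fix on the server side is to keep .htpasswd outside any directory served or shared over FTP and to regenerate it with bcrypt.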

Exploitation

Edit the IP address and the port at the bottom of the script. Set the port to 242.

Set up a reverse shell listener on port 242

sudo nc -lvnp 242

Upload the shell via FTP

Open your browser and trigger the exploit, logging in with the credentials we cracked above.

http://target-ip:242/php-rev.php

After that, you should receive your shell right away.
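The chain above (a file written through FTP into the web root, then requested over HTTP) is also a clean detection signal. The following script is an added example, not code from the writeup, and assumes vsftpd-style upload log lines and Apache combined-format access log lines, both stamped in UTC, with the FTP root equal to the web root as on this box; all log lines are constructed. It flags any upload with a server-side executable extension that is requested over HTTP within a short window.

```python
"""Flag files uploaded through FTP into the web root and then requested over HTTP.

Added example, not from the writeup. Assumes vsftpd-style upload log lines
and Apache combined-format access log lines, both in UTC, and that the FTP
root is the web root. All log lines below are constructed.
"""
import re
from datetime import datetime, timezone

EXEC_EXT = (".php", ".phtml", ".php5", ".asp", ".aspx", ".jsp", ".cgi")

FTP_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]+)\] OK UPLOAD: Client "(?P<ip>[^"]+)", "(?P<path>[^"]+)"')
HTTP_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

# Constructed FTP server log: one PHP upload and one harmless text upload.
FTP_LOG = [
    'Mon Jan 15 12:00:01 2024 [pid 2311] [admin] OK UPLOAD: Client "10.0.0.5", "/php-rev.php", 5493 bytes, 12.34Kbyte/sec',
    'Mon Jan 15 12:03:10 2024 [pid 2312] [admin] OK UPLOAD: Client "10.0.0.5", "/notes.txt", 120 bytes, 1.00Kbyte/sec',
]
# Constructed web server access log (combined format; the Basic Auth user is the third field).
HTTP_LOG = [
    '10.0.0.5 - offsec [15/Jan/2024:12:00:07 +0000] "GET /php-rev.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '10.0.0.9 - offsec [15/Jan/2024:12:01:00 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.5 - offsec [15/Jan/2024:12:03:20 +0000] "GET /notes.txt HTTP/1.1" 200 120 "-" "Mozilla/5.0"',
]


def parse_ftp_uploads(lines):
    """Successful uploads: timestamp, FTP user, client IP and path on the server."""
    uploads = []
    for line in lines:
        m = FTP_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
        uploads.append({"ts": ts, "user": m["user"], "ip": m["ip"], "path": m["path"]})
    return uploads


def parse_http_requests(lines):
    """Requests with the query string dropped so paths compare to FTP paths."""
    requests = []
    for line in lines:
        m = HTTP_RE.match(line)
        if not m:
            continue
        requests.append({
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "ip": m["ip"], "user": m["user"],
            "path": m["path"].split("?", 1)[0], "status": int(m["status"]),
        })
    return requests


def correlate(ftp_lines, http_lines, window_seconds=600):
    """Executable uploads that are fetched over HTTP within the window."""
    alerts = []
    requests = parse_http_requests(http_lines)
    for up in parse_ftp_uploads(ftp_lines):
        if not up["path"].lower().endswith(EXEC_EXT):
            continue  # data files are not a code-execution risk here
        for req in requests:
            delay = (req["ts"] - up["ts"]).total_seconds()
            if req["path"] == up["path"] and 0 <= delay <= window_seconds:
                alerts.append({
                    "path": up["path"], "ftp_user": up["user"], "upload_ip": up["ip"],
                    "http_user": req["user"], "request_ip": req["ip"],
                    "status": req["status"], "delay_s": delay,
                })
    return alerts


if __name__ == "__main__":
    for alert in correlate(FTP_LOG, HTTP_LOG):
        print(alert)
```

Two caveats when running this against real logs: a reverse-shell request usually hangs until the shell exits, so Apache writes its access-log line late (and often with a 0-byte response, as in the constructed sample), and the window therefore needs to be generous; and the honest fix is not the alert but removing write access to the web root from the FTP account.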

Privilege Escalation

First, copy the output of systeminfo to our local machine.

Then execute the following to get the possible privilege escalation exploits.

sudo python3 wes.py systeminfo.txt -i "Elevation of Privilege"

After some time, I found this promising-looking exploit.

Start an SMB server on your machine.

sudo python /opt/impacket/examples/smbserver.py kali . -smb2support

Transfer the privilege escalation exploit.

After running the exploit, you should instantly get a SYSTEM shell.
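WES-NG works from the systeminfo output copied in the first step, so it is worth seeing what it actually reads. The parser below is an added example, not part of the writeup or of WES-NG, and runs over a constructed systeminfo excerpt; the hostname, OS build and every KB number in it and in the required set are placeholders, not values from the target. It extracts the OS name, build number, architecture and installed hotfixes and reports which of a required set are missing, which is the comparison WES-NG makes against its vulnerability database.

```python
"""Parse Windows `systeminfo` output and report missing hotfixes.

Added example; it is not part of the writeup or of WES-NG. The sample
output and every KB number below are constructed placeholders.
"""
import re

KV_RE = re.compile(r"^(?P<key>\S[^:]*?):\s*(?P<val>.*)$")   # unindented "Key: value"
KB_RE = re.compile(r"KB\d+", re.IGNORECASE)
BUILD_RE = re.compile(r"Build (\d+)")

# Constructed sample of the relevant systeminfo lines (placeholders only).
SAMPLE_SYSTEMINFO = """\
Host Name:                 EXAMPLE-HOST
OS Name:                   Microsoft Windows Server 2012 R2 Standard
OS Version:                6.3.9600 N/A Build 9600
System Type:               x64-based PC
Hotfix(s):                 2 Hotfix(s) Installed.
                           [01]: KB1111111
                           [02]: KB3333333
Network Card(s):           1 NIC(s) Installed.
                           [01]: Example Ethernet Adapter
"""

# Constructed "required" set, standing in for what a vulnerability database lists.
REQUIRED_HOTFIXES = {"KB1111111", "KB2222222"}


def parse_systeminfo(text: str) -> dict:
    """Return the key/value fields plus a 'hotfixes' list of installed KBs."""
    info = {"hotfixes": []}
    current_key = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = KV_RE.match(raw)
        if m:                                   # a new top-level field
            current_key = m.group("key").strip()
            info[current_key] = m.group("val").strip()
        elif current_key == "Hotfix(s)":        # indented "[nn]: KBxxxxxxx" continuation
            kb = KB_RE.search(raw)
            if kb:
                info["hotfixes"].append(kb.group(0).upper())
    return info


def build_number(info: dict):
    """Build number from the 'OS Version' line, or None if absent."""
    m = BUILD_RE.search(info.get("OS Version", ""))
    return int(m.group(1)) if m else None


def is_x64(info: dict) -> bool:
    return "x64" in info.get("System Type", "")


def missing_hotfixes(info: dict, required) -> list:
    """KBs in `required` that systeminfo does not list as installed."""
    installed = {kb.upper() for kb in info["hotfixes"]}
    return sorted(kb.upper() for kb in required if kb.upper() not in installed)


def report(text: str, required) -> dict:
    info = parse_systeminfo(text)
    return {"os": info.get("OS Name"), "build": build_number(info), "x64": is_x64(info),
            "installed": info["hotfixes"], "missing": missing_hotfixes(info, required)}


if __name__ == "__main__":
    print(report(SAMPLE_SYSTEMINFO, REQUIRED_HOTFIXES))
```

Note the limitation this shares with WES-NG: systeminfo only lists hotfixes the OS records as installed, so superseded or cumulative updates can make a host look unpatched (or, rarely, patched) when it is not; the build number is the more reliable signal for recent Windows versions.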

Create a PHP reverse shell. For this demo, I will use this one. Copy the source code onto your machine; I named it php-rev.php.

Since winPEAS was somehow not working, I searched for privilege escalation exploits using WES-NG.

I found a pre-compiled executable of this exploit here. Download a copy to your local machine.

Thanks and enjoy the rest of your day!