Thanks to VulnHub we can find the VM here.
We should be here:
Cool, it seems we already have some users to try if needed ;)
While my nmap scan was still in progress I saw that there are a few HTTP ports, for example:
The version was so new that I decided to check it on Google; maybe there are already published exploits/bugs. In the meantime I found another interesting 'case':
...but maybe we'll get back to that later... I found that there are some PoCs already available (for example for Metasploit) so I decided to check it:
...and then, nmap was ready:
Some potential here? ;]
"The way I see it":
- when nmap was not ready and I found that Zenoss, I was wondering if there is any 'default password list'
- I tried: admin, zenoss, password, and so on...
- and one of the passwords I tried was good to log in as admin :)
...then I found the default password in MSF module... ;>
Anyway...
Ok, that was fast ;]
Quick revert to $python -c 'import pty;pty.spawn("/bin/bash")' and we are here:
I was wondering if this can be any faster:
(hey, remember the nmap-log?) After a while I found that there is Splunk :) So next thing was to check perms:
Cool. The next thing for me was to find some information about 'how to build a proper Splunk App' to upload my shell... I found a few interesting cases described online (for example: here, here or here).
After reading them I decided to prepare 'my own app' (tldr: I tried the PoC from MSF but I could not get a reverse shell, so the only 'way' was to read the source of example apps - and my app - and prepare a correct app to upload ;))
Still no revshell :C
I tried to rewrite my super app again and upload it (again...):
Ok, new error during the upload... After a while I saw the next one: 'your flash is not up to date, Splunk will not run'. So I decided to run IExplore.exe and go to the upload page again ;>
Console-output like in old telnets ;D Cool ;)
Thanks for the CTF go to: PentesterAcademy
Thanks for the sharing go to: VulnHub
See you next time.