1/18/2024 0 Comments Filezillawindows 8.1Features required for Hyper-V will not be displayed. Hyper-V Requirements: A hypervisor has been detected. Time Zone: (UTC-08:00) Pacific Time (US & Canada) Input Locale: en-us English (United States) System Locale: en-us English (United States) : AMD64 Family 23 Model 1 Stepping 2 AuthenticAMD ~3094 MhzīIOS Version: VMware, Inc. Since we're dealing with a Windows XAMPP server, we can't use any PHP reverse shell exploit. ![]() Furthermore, there is no trusted IP list or other logic to filter remote file inclusions from untrusted sources, leading to the web server executing arbitrary PHP code served by any routable web server. The web index.php web page uses the PHP include() function without sanitizing user inputs. Looking at the gobuster output and the identical /site directory, these are definitely duplicates, so I'll stop enumerating further on this port. Gobuster Enumeration gobuster dir -u -w /usr/share/seclists/Discovery/Web-Content/big.txt -x php,html -r -o gobuster8080.txt Looks like a duplicate of TCP/4443, but it could be listening for a different hostname. Now, let's try and load the test.php from Kali in the web browser: Let's create a simple "hello world" PHP page and see if the server will load from Kali. Now, this is exciting! Looks like the page has a PHP include() function that loads PHP code from other pages. Let's try injecting a random character in there and see how the web server handles it: ' (single quote character). The next thing that stands out to me is the ?page= parameter in the URL. Let's check it out.įirst thing I like to do is check the page source for any interesting comments, scripts, or other leads to files and directories. TCP/4443 Gobuster Enumeration gobuster dir -u -w /usr/share/seclists/Discovery/Web-Content/big.txt -x php,html -r -o gobuster4443.txt Something to keep in mind if we manage to gain a shell on the target where we could port forward. It requires access to TCP/14147, which may be firewalled off. Seems there's a potential exploit which creates administrative account on a target. Nmap done: 1 IP address (1 host up) scanned in 181.84 secondsĬonfirmed server version: FileZilla 0.9.41 beta. |_ Message signing enabled but not required ![]() Service Info: OS: Windows CPE: cpe:/o:microsoft:windows No exact OS matches for host (test conditions non-ideal). Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed portĪggressive OS guesses: Microsoft Windows 7 (91%), Microsoft Windows Server 2008 SP1 or Windows Server 2008 R2 (90%), Microsoft Windows XP SP3 (88%), Microsoft Windows Server 2008 SP1 (88%), Microsoft Windows 10 (87%), Microsoft Windows 7 or Windows Server 2008 R2 (87%), Microsoft Windows Server 2008 R2 (87%), Microsoft Windows Server 2008 R2 or Windows 8.1 (87%), Microsoft Windows 7 SP1 or Windows Server 2008 R2 (87%), Microsoft Windows 7 SP1 or Windows Server 2008 SP2 or 2008 R2 SP1 (87%) If you know the service/version, please submit the following fingerprint at : |_http-open-proxy: Proxy might be redirecting requestsĤ9664/tcp open msrpc Microsoft Windows RPCĤ9665/tcp open msrpc Microsoft Windows RPCĤ9666/tcp open msrpc Microsoft Windows RPCĤ9667/tcp open msrpc Microsoft Windows RPCĤ9668/tcp open msrpc Microsoft Windows RPCĤ9669/tcp open msrpc Microsoft Windows RPCġ service unrecognized despite returning data. 21/tcp open ftp FileZilla ftpd 0.9.41 betaġ39/tcp open netbios-ssn Microsoft Windows netbios-ssn
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |