To carry out this demonstration, we will perform a penetration test on a vulnerable machine called Bastard published on the HackTheBox platform.

Any process to hack or gain total control over a server in an unauthorized manner must start with system enumeration. For this we will perform a simple scan with Nmap, as follows:

# nmap -T4 -Pn -sV -F -sC -oN Bastard.nmap 10.10.10.9

| http-robots.txt: 36 disallowed entries (15 shown )
| /includes/ /misc/ /modules/ /profiles/ /scripts/
Service Info: OS: Windows CPE: cpe:/o:microsoft:windows

Before proceeding, note that we have already identified that the system is running Drupal version 7.

With the previous port scan we did with Nmap, we managed to identify port 80 open. If we open this web page in a browser we can see that this is in fact a Drupal instance.

We are going to perform directory discovery with DIRB to see if we find something:

# dirb /usr/share/dirb/wordlists/common.txt

The Drupal version can be enumerated by browsing to 10.10.10.9/CHANGELOG.txt

We are going to use a very useful tool to search for exploits of known vulnerabilities in information systems; this we will achieve with

# cat session.json

To run Remote Code Execution from our webshell we just need to add the parameter ?cmd= and the command we want to run. Ready friends, we can now execute commands on the server.

With the command “systeminfo” we check which operating system the machine is running and which version. With the information obtained we can search for an attack vector that gives us privilege escalation on the system.

To validate this in a faster, automated way, we will analyze local privilege-escalation vulnerabilities with a PowerShell script.
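
Each step in this walkthrough leaves a trace in the web server's access log: the CHANGELOG.txt request, the run of 404 responses from directory discovery, and requests carrying a cmd parameter. The following check is an added example, not code from the original post; the Common Log Format, the sample lines, the client addresses, the shell.php file name and the 404 threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Common Log Format (assumed format, not from the post).
# shell.php and both client addresses are hypothetical.
SAMPLE_LOG = """\
10.10.14.5 - - [01/Jan/2024:10:00:01 +0000] "GET /CHANGELOG.txt HTTP/1.1" 200 110781
10.10.14.5 - - [01/Jan/2024:10:00:05 +0000] "GET /admin.php HTTP/1.1" 404 1245
10.10.14.5 - - [01/Jan/2024:10:00:05 +0000] "GET /backup HTTP/1.1" 404 1245
10.10.14.5 - - [01/Jan/2024:10:00:06 +0000] "GET /cgi-bin/ HTTP/1.1" 404 1245
10.10.14.5 - - [01/Jan/2024:10:04:12 +0000] "GET /shell.php?cmd=systeminfo HTTP/1.1" 200 2310
10.10.14.5 - - [01/Jan/2024:10:04:40 +0000] "GET /shell.php?CMD=whoami%20%2Fall HTTP/1.1" 200 512
192.0.2.20 - - [01/Jan/2024:10:05:00 +0000] "GET /node/1 HTTP/1.1" 200 7583
192.0.2.20 - - [01/Jan/2024:10:05:02 +0000] "GET /search?q=cmd HTTP/1.1" 200 4100
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')
NOT_FOUND_BURST = 3  # assumed threshold; tune against normal traffic


def analyze(log_text):
    """Return {client_ip: sorted list of finding tags} for suspicious clients."""
    findings = defaultdict(set)
    not_found = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, _method, target, status = m.groups()
        url = urlsplit(target)
        # parse_qs percent-decodes; parameter names are compared case-insensitively
        query = parse_qs(url.query, keep_blank_values=True)
        if "cmd" in {name.lower() for name in query}:
            findings[ip].add("cmd-parameter")
        if url.path.lower() == "/changelog.txt":
            findings[ip].add("changelog-probe")
        if status == "404":
            not_found[ip] += 1
            if not_found[ip] >= NOT_FOUND_BURST:
                findings[ip].add("404-burst")
    return {ip: sorted(tags) for ip, tags in findings.items()}


if __name__ == "__main__":
    for ip, tags in analyze(SAMPLE_LOG).items():
        print(ip, tags)
```

The second client is not reported: its request has cmd only as a parameter value, not as a parameter name.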