Testing Methadologies
We can start the enumeration with a nmap scan
nmap -sC -sC 10.10.10.5
The nmap scan output shows that only two ports are open 21 (FTP) and 80 (HTTP)
FTP has anonymous login enabled and nmap has already done that for us by looking at the output we can see some files like "iisstart.htm" which is the index page of IIS so it shows that the ftp root folder is actually the web server root folder, Now we can create a shell and upload it via FTP and access the file through HTTP
Now we have generated an aspx shell using msfpc which is metasploit payload generator, We can then upload the shell using the put command in ftp and access it from the browser
By accessing the shell from the browser we get a callback to metasploit and we can execute code on the server,
Privilege escalation
Since we are a low privilege user we have to escalate to administrator in order to get the root flag
METASPLOIT HAS A module that checks for local exploits on a machine we can use that to check if the server has any vulnerabilities
BY running the module we can see that it is vulnerable now we can select any one of these modules to gain access as a higher privileged user
Now we are THE administrator user
Comments
Post a Comment