CVE-2017-0143 nmap --script=smb-os-discovery.nse --script-args=unsafe=1 -script=smb-vuln-ms17-010.nse -p445 <ip> This host is vulnerable to popular CVE-2017-0143, I decided to use metasploit: I have system privileges
No hints regarding version of October CMS admin:admin I wanted to check version: There is a possibility to upload a files. File with extension .php5 is located, so I will…
pwdbackup.txt looks interesting I checked it with CyberChef and didn't get any "magic" hint. Later I will decode it There is a LFI access.log is accessible I don't have permissions…
Looks like heart with bleed.. 22 ssh OpenSSH 5.9.p1 5ubuntu1.1080 http Apache 2.2.22443 https Apache 2.2.22 AES-128-CBC encrypted RSA private key I tried to crack this, but I couldn't. Vulnerabilities…
Initial scan shows 2 open ports
Looks like some old version of pfsense. Default credentials (admin:pfsense) doesn't work. Only http/https ports are opened Nothing interesting so far Certificate date Username is exposed rohit:pfsense works: Version: 2.1.3…
After going back to login page, I tried a few default credentials and one trivial combination worked. We are logged as "Customer" No hints from cyberchef Nothing interesting about technologies…
After going to http site, user is being redirected to: So I decided to try /etc/passwd Host is vulnerable to local file inclusion There are users related to tftp service…
Port 8443 It looks like it is a Unify app vulnerable to Log2j - CVE-2021-44228 If app is facing public network you can check if site is vulnerable by testing…
Initial scan of Vaccine shown 3 open ports.
Marceli