Difference between revisions of "Pinky's Palace: v1 ~ VulnHub - Walkthrough"

m (Discovery)
m (Entry Point #1 - Port NN (XXX))
Line 31: Line 31:
 
</syntaxhighlight>
 
</syntaxhighlight>
  
=== Entry Point #1 - Port NN (XXX) ===
+
=== Entry Point #1 - Port 8080 (HTTP) ===
 
==== Enumeration ====
 
==== Enumeration ====
 
<syntaxhighlight  lang=shell-session highlight="" line>
 
<syntaxhighlight  lang=shell-session highlight="" line>

Revision as of 06:36, 13 June 2018

Objective

xxxxxxxxxxxxxxxxxxxxx

Source: [xxxxxx]

Status: [In Progress]

Methodology

Discovery

Identify the target

root@kali:~# nmap -sP 192.168.56.0/24
.....
root@kali:~# export TANGO=192.168.56.104
root@kali:~# nmap -O -sT -sV -p- -T5 $TANGO

Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-23 19:11 EDT
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Nmap scan report for $TANGO
Host is up (0.00098s latency).
Not shown: 65532 closed ports
PORT      STATE SERVICE    VERSION
8080/tcp  open  http       nginx 1.10.3
31337/tcp open  http-proxy Squid http proxy 3.5.23
64666/tcp open  ssh        OpenSSH 7.4p1 Debian 10+deb9u2 (protocol 2.0)
MAC Address: 08:00:27:A3:C5:2A (Oracle VirtualBox virtual NIC)
Device type: general purpose

Entry Point #1 - Port 8080 (HTTP)

Enumeration

xxxxx


xxxxx

Exploitation

xxx xxx xxx

xxx
xxx

xxx

xxx
xxx

Final Notes

xxx

Appendix A: Vulnerability Detail and Mitigation

xxx
Rating High
Description xxxx
Impact xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Remediation xxxxxxxxxxxxxxxxx