Date: Mar 20, 2025
Tags: Nmap, Privilege Escalation Techniques, Web Exploitation
192.168.247.46
Nmap
└─# nmap -sT -p- --min-rate 5000 $ip
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-20 01:53 EDT
Nmap scan report for 192.168.247.46
Host is up (0.059s latency).
Not shown: 65531 filtered tcp ports (no-response)
PORT STATE SERVICE
21/tcp open ftp
242/tcp open direct
3145/tcp open csi-lfap
3389/tcp open ms-wbt-server
Nmap done: 1 IP address (1 host up) scanned in 26.53 seconds
└─# nmap -sU -p- --min-rate 5000 $ip
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-20 01:53 EDT
Nmap scan report for 192.168.247.46
Host is up (0.056s latency).
All 65535 scanned ports on 192.168.247.46 are in ignored states.
Not shown: 65535 open|filtered udp ports (no-response)
Nmap done: 1 IP address (1 host up) scanned in 26.93 seconds
Port 21 (FTP)

Login was successful, but nothing was found.
We can also use admin:admin to log in to the account.



Using the hash, we can get the password:
$apr1$oRfRsc/K$UpYpplHDlaemqseM39Ugg0:elite
offsec:elite
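
The `$apr1$` prefix marks Apache's MD5-based htpasswd scheme, which is why this hash gave up its password so quickly. The following is an added example, not part of the original notes: a defender-side audit that parses htpasswd-style `user:hash` entries and flags weak schemes. It assumes the hash came from such a file; the `offsec` pairing, the other sample entries and the `MIN_BCRYPT_COST` threshold are constructed for illustration.

```python
import re

CRYPT_CHARS = r"[./A-Za-z0-9]"
MIN_BCRYPT_COST = 10  # assumed policy floor; `htpasswd -B` itself defaults to cost 5

def classify(hash_field):
    """Return (scheme, verdict, reason) for the hash part of a user:hash entry."""
    if re.fullmatch(rf"\$apr1\${CRYPT_CHARS}{{1,8}}\${CRYPT_CHARS}{{22}}", hash_field):
        return "apr1", "weak", "1000 rounds of salted MD5; cheap to guess offline"
    m = re.fullmatch(rf"\$2[abxy]\$(\d\d)\${CRYPT_CHARS}{{53}}", hash_field)
    if m:
        cost = int(m.group(1))
        if cost < MIN_BCRYPT_COST:
            return "bcrypt", "weak", f"cost {cost} is below {MIN_BCRYPT_COST}"
        return "bcrypt", "ok", f"cost {cost}"
    if re.fullmatch(r"\{SHA\}[A-Za-z0-9+/]{27}=", hash_field):
        return "sha1", "weak", "single unsalted SHA-1"
    if re.fullmatch(rf"{CRYPT_CHARS}{{13}}", hash_field):
        # A 13-character plaintext would also match; treat it as weak either way.
        return "des-crypt", "weak", "8-character limit, 12-bit salt"
    return "unknown", "review", "unrecognised format, possibly plaintext"

def audit(text):
    """Parse htpasswd-style text and return one finding tuple per entry."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, hash_field = line.partition(":")
        if not sep:
            findings.append((lineno, line, "malformed", "review", "no ':' separator"))
            continue
        findings.append((lineno, user, *classify(hash_field)))
    return findings

# Constructed sample: the first entry pairs the username and hash shown in these
# notes (the pairing is an assumption); the other hashes are made-up placeholders.
SAMPLE = "\n".join([
    "offsec:$apr1$oRfRsc/K$UpYpplHDlaemqseM39Ugg0",
    "svc-low:$2y$05$" + "A" * 53,
    "svc-ok:$2y$12$" + "B" * 53,
    "legacy:{SHA}" + "C" * 27 + "=",
])

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

Entries flagged `weak` should be regenerated with `htpasswd -B` and an explicit cost via `-C`.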
We log in to port 242 successfully.
we can upload the

We upload two PHP scripts to get our reverse shell uploaded and running.



After accessing the URL, we get the reverse shell successfully.


We are not admin.

Got the local flag.

We have the OS version, which tells us which script to use for privilege escalation.
Using this, we get system privileges.


Got the flag.