ochima
2025-3-27
Date: Mar 23, 2025 → Mar 23, 2025
Tags: Nmap, Brute Force, Privilege Escalation Techniques

192.168.140.32

Nmap

└─# nmap -sT -p- --min-rate 5000 $ip
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-22 21:27 EDT
Nmap scan report for 192.168.140.32
Host is up (0.063s latency).
Not shown: 65532 filtered tcp ports (no-response)
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
8338/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 26.54 seconds

└─# nmap -sU -p- --min-rate 5000 $ip
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-22 21:27 EDT
Nmap scan report for 192.168.140.32
Host is up (0.076s latency).
All 65535 scanned ports on 192.168.140.32 are in ignored states.
Not shown: 65535 open|filtered udp ports (no-response)

Nmap done: 1 IP address (1 host up) scanned in 27.16 seconds

22

Tried brute force on port 22.
Failed.

80

I could not get the page normally, but I can use a scanner to get the resource addresses, and it shows the things below, which I can access.
Using curl $ip:80 I can extract the HTML, so I tried writing it to a local HTML file and opening it.
It is an Apache2 default page.

8338

I can access this page.
Tried easy passwords but still can't log in.
No scanning result.
We tried to use this exploit but it was unsuccessful. This is likely because the /login page is blocked on this website and redirects directly to the login page. I guess we need to remove /login from the URL.
Wait a sec, I forgot to add the port.
The attempt also failed and my guess was incorrect.
Maybe it is another version; let's try to find more.
When I change to port 80 it works.

PE

We found no crontab we can use, but in home we can see an /etc backup file, so we can see many things in here.
And in the shadow file we found the root password, but it was encrypted.
We tried to hashcat it.
Can't, but we found another part, which we can try to access.
Since it might be a scheduled task, let's try it.
Also add this into the file.
Got the flag.
 