Senin, 30 Januari 2012

exploitation in Privilege Escalatian


  1. The first place to start is looking for information gathering and service enumeration by using nmap.


 from the nmap port where we can find the most discovered open port
that is 80, 445, 22, 139, 10000

  •  we now try to open 192.168.0.112 and coupled to 10000
written there. told to enter a username and password..,
  

    2.  This second phase we search for the VA could use the nessus and exploitdb

 in nessus :

 













ALL report nessus: http://pastehtml.com/view/bmhkcdvwv.rtxt



in exploitdb :
  • go to applications exploiting db
"./" this command to execute
write searchsploit  webmin
why webmin., because it's written on 192.168.0.112:10000 login to webmin


  • next then we do the cp command to get into the next stage
then write the command cp platforms/multiple/remote/2010.pl ~


  • subsequent examination by using the ls command to find out 2017.pl already entered.
  • next write perl 2017.pl  to determine the target 0 -> HTTP, 1 -> HTPPS

  • then we do attacking 192.168.0.112 on port 10000 with the name of the file / etc / shadow type of target 0

..^
Diposting oleh di
Label:

1 komentar:

Langganan: Posting Komentar (Atom)