- The first place to start is looking for information gathering and service enumeration by using nmap.
from the nmap port where we can find the most discovered open port
that is 80, 445, 22, 139, 10000
- we now try to open 192.168.0.112 and coupled to 10000
2. This second phase we search for the VA could use the nessus and exploitdb
in nessus :
ALL report nessus: http://pastehtml.com/view/bmhkcdvwv.rtxt
in exploitdb :
- go to applications exploiting db
write searchsploit webmin
why webmin., because it's written on 192.168.0.112:10000 login to webmin
- next then we do the cp command to get into the next stage
- subsequent examination by using the ls command to find out 2017.pl already entered.
- next write perl 2017.pl to determine the target 0 -> HTTP, 1 -> HTPPS
- then we do attacking 192.168.0.112 on port 10000 with the name of the file / etc / shadow type of target 0
..^
Komentar ini telah dihapus oleh pengarang.
BalasHapus