Index:
1. finding the ports.
2. exploiting Redis.
3. cracking RSA key.
4. getting user.
5. getting root.
1. Starting with a port scan with Nmap, I found many ports open, but the scan does not show all the ports, so I scanned all the ports and found an interesting port named Redis.
[Screenshot: Redis]
2. For Redis exploitation, you can either follow the article written in kali-Linux-cookbook or just click the link below.
3. After getting a shell as Redis, I found id-rsa.bak in /opt and transferred the encrypted SSH key to my computer.
4. Then I used the tool ‘ssh2john.py’ to take the hash of the private key and then brute-forced the key to get the password.
python ssh2john.py key > doitnow
[Screenshot: cracking hash]
5. Then I tried SSH login but it was denied, so I again logged in as Redis and used su matt with the password computer2008, and I got the matt user.
[Screenshot: owned user]
5. For root, I enumerated port 10000 and found a login page for Webmin 1.910, and logged in with the creds of matt. Then I googled for its exploit and found a Metasploit module. It was an authorized remote code execution. We can do this with Burp Suite also; I already wrote a blog on that.
[Screenshot: rooted]