![]() ![]() | Some Capabilities: Support41Auth, InteractiveClient, Speaks41ProtocolNew, SupportsLoadDataLocal, ODBCClient, SupportsCompression, SupportsTransactions, DontAllowDatabaseTableColumn, ConnectWithDatabase, LongPassword, IgnoreSigpipes, FoundRows, LongColumnFlag, IgnoreSpaceBeforeParenthesis, Speaks41ProtocolOld, SupportsMultipleResults, SupportsMultipleStatments, SupportsAuthPluginsġ2380/tcp open http syn-ack ttl 64 Apache httpd 2.4.18 ((Ubuntu)) |_ Supported Methods: GET HEAD POST OPTIONSġ39/tcp open netbios-ssn syn-ack ttl 64 Samba smbd 4.3.9-Ubuntu (workgroup: WORKGROUP)ģ306/tcp open mysql syn-ack ttl 64 MySQL 5.7.12-0ubuntu1 |_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9wvrF4tkFMApswOmWKpTymFjkaiIoie4QD0RWOYnnyĥ3/tcp open domain syn-ack ttl 64 dnsmasq 2.75Ĩ0/tcp open http syn-ack ttl 64 PHP cli server 5.5 or later | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNQB5n5kAZPIyHb9lVx1aU0fyOXMPUblpmB8DRjnP8tVIafLIWh54wmTFVd3nCMr1n5IRWiFeX1weTBDSjjz0IY= | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc/xrBbi5hixT2B19dQilbbrCaRllRyNhtJcOzE8x0BM1ow9I80RcU7DtajyqiXXEwHRavQdO+/cHZMyOiMFZG59OCuIouLRNoVO58C91gzDgDZ1fKH6BDg+FaSz+iYZbHg2lzaMPbRje6oqNamPR4QGISNUpxZeAsQTLIiPcRlb5agwurovTd3p0SXe0GknFhZwHHvAZWa2J6lHE2b9K5IsSsDzX2WHQ4vPb+1DzDHV0RTRVUGviFvUX1X5tVFvVZy0TTFc0minD75CYClxLrgc+wFLPcAmE2C030ER/Z+9umbhuhCnLkLN87hlzDSRDPwUjWr+sNA3+7vc/xuZul |_Can't get directory listing: PASV failed: 550 Permission denied.Ģ2/tcp open ssh syn-ack ttl 64 OpenSSH 7.2p2 Ubuntu 4 (Ubuntu Linux protocol 2.0) #Xc8 compiler 1.42 code| ftp-anon: Anonymous FTP login allowed (FTP code 230) Host is up, received arp-response (0.0063s latency).Ģ1/tcp open ftp syn-ack ttl 64 vsftpd 2.0.8 or later Try using -system-dns or specify valid servers with -dns-servers Mass_dns: warning: Unable to determine any DNS servers. Nmap's UDP script scanning on 192.168.43.2 is completed successfully. ![]() Nmap's UDP script scanning on 192.168.43.1 is completed successfully. Nmap's UDP script scanning on 192.168.43.10 is completed successfully. Nmap's TCP script scanning on 192.168.43.2 is completed successfully. Nmap's TCP script scanning on 192.168.43.1 is completed successfully. Nmap's TCP script scanning on 192.168.43.10 is completed successfully. Nmap's UDP script scanning on 192.168.43.3 is completed successfully. Nmap's TCP script scanning on 192.168.43.3 is completed successfully. Starting to scan 192.168.43.3 for TCP interesting stuff. Starting to scan 192.168.43.3 for UDP interesting stuff. Directory created at: /HaGashash_Projects/Stapler/192.168.43.3. Starting to scan 192.168.43.10 for UDP interesting stuff. Starting to scan 192.168.43.10 for TCP interesting stuff. Directory created at: /HaGashash_Projects/Stapler/192.168.43.10. Starting to scan 192.168.43.2 for UDP interesting stuff. Starting to scan 192.168.43.2 for TCP interesting stuff. Directory created at: /HaGashash_Projects/Stapler/192.168.43.2. Starting to scan 192.168.43.1 for UDP interesting stuff. Starting to scan 192.168.43.1 for TCP interesting stuff. Directory created at: /HaGashash_Projects/Stapler/192.168.43.1. Dependencies check is completed successfully. ifconfig executable is in '/usr/bin/ifconfig' # go run go/src//Gandosha/HaGashash/main.go -project=Stapler -subnet=true -interface=enp0s3 Stapler: 1 Service discovery -> FTP with anonymous access -> Samba users and shares enumeration -> Web directories fuzzing -> Local File Inclusion -> Webshell upload via mysql -> Privilege Escalation (cronjob manipulation) VM: įirst, I fired up HaGashash in order to gain some information about which host to attack and what interesting services run there. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |