Pivoting III
Steps taken:
1. Take the banner of the first target machine:
2. Use “curl” to figure out the software being used on this server.
- Notice that the program that sticks out is named "XODA". When I look it up it says that it is a "free web-based self hosted file manager". You can use this to find exploits for this specific software.
3. Set up the database to be used for Metasploit and then start it.
# service postgresql start
# msfdb init
# msfconsole -q
msf > db_status
4. Now, check whether there is an exploit for this “XODA” software.
msf > search XODA
- There is one!
5. Setting up the exploit and then executing it:
- Backtrack and remove this Meterpreter shell! Use a generic shell first and then upgrade it!
6. Get the flag!
7. Now, set the pivot!
- Here’s the internal network:
8. Portscan the hidden machine in the internal network now that the pivot has been set up!
- Since ports 139 and 445 are open, we can assume that it's using a Samba share.
9. Check whether you can run Nmap against the machine inside the internal network to find more information.
- Since there are a lot of exploits for Samba, try to find ones for Unix and Linux!
- I found that exploit/linux/samba/is_known_pipename seems to work!










