Tuesday, February 7, 2012

EXPLOITING WEBMIN USING EXPLOITdb FOR PRIVILEGE ESCALATION (part 1)

Day 6

Tools :
  • Nmap
  • Nessus
  • Exploitdb
Target : Find user accounts on 192.168.0.21

Victim
 
First, we do information gathering by scanning the target with Nmap. This gives us some information about the victim, such as the list of open ports and the service enumeration.

IG Nmap scanner
Next, we use Nessus to scan the victim for vulnerabilities.

Vulnerability with Nessus
Nessus shows three medium vulnerabilities on the open ports, and you can see the description of the vulnerable service.

Description of Vulnerable Service
Based on what is known from the information gathering, service enumeration and vulnerability assessment phases, I chose open port 10000 with the vulnerable service Webmin. Let's go on to use exploitdb to exploit the victim's system: search for an exploit for the vulnerable service.

Search exploit
From this list, I chose the Webmin arbitrary file disclosure exploit (perl) and copied it to the /home directory. Let's look in the /home directory and then execute it.

Exploit
Exploit /etc/shadow
In the picture above, the exploit target is /etc/shadow. Why? Because /etc/shadow stores all user accounts (usernames and passwords). You can see the list of usernames and encrypted passwords. After successfully exploiting it, I copied the file /etc/shadow to my /home directory under the file name goalexploitdb. In the /home directory I tried to split several user accounts from goalexploitdb into several files named pass, pass1, pass2 and pass3.

goalexploitdb in my /home directory
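
As an added example (not part of the original post), here is how a defender can audit a host's own shadow file for the entries that hurt most if the file is disclosed the way it was above: empty passwords and legacy hash schemes. The function names and the sample lines are constructed for illustration.

```python
"""Audit shadow-format lines for weak or missing password hashes."""

# crypt(3) prefixes -> (scheme name, weak?). Weak = fast to brute-force offline.
SCHEMES = {
    "$1$": ("md5crypt", True), "$5$": ("sha256crypt", False),
    "$6$": ("sha512crypt", False), "$y$": ("yescrypt", False),
    "$2a$": ("bcrypt", False), "$2b$": ("bcrypt", False), "$2y$": ("bcrypt", False),
}

def classify(field):
    """Return (scheme, needs_attention) for the password field of one entry."""
    if field == "":
        return ("empty password", True)      # login without a password
    if field[0] in "!*":
        return ("locked", False)             # no valid hash can match
    for prefix, (name, weak) in SCHEMES.items():
        if field.startswith(prefix):
            return (name, weak)
    if len(field) == 13 and "$" not in field:
        return ("descrypt", True)            # traditional DES crypt
    return ("unknown", True)

def audit(text):
    """Return [(user, scheme)] for entries that need attention."""
    findings = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 2 or not parts[0] or parts[0].startswith("#"):
            continue                         # blank, comment or malformed line
        scheme, flagged = classify(parts[1])
        if flagged:
            findings.append((parts[0], scheme))
    return findings

# Constructed sample input: hash bodies are placeholders, not real hashes.
SAMPLE = """\
root:$1$EXAMPLE$placeholderplaceholder:15377:0:99999:7:::
daemon:*:15377:0:99999:7:::
alice:$6$EXAMPLE$placeholderplaceholderplaceholder:15377:0:99999:7:::
bob::15377:0:99999:7:::
carol:abPLACEHOLDER:15377:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE):
        print(f"{user}: {scheme}")
```

Accounts it reports should have their passwords reset under a current scheme such as sha512crypt or yescrypt.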
It's a nice day... The next post continues this session.

