![upload exploit suggester to local](https://mrreh.com/wp-content/uploads/2020/04/Screenshot-20200416204546-1014x315-1-768x239.png)
It appears the current access is the default IIS user:

Navigating to the ASPX shell uploaded via FTP:

A Meterpreter shell was received:

Privilege Escalation

payload to specify the payload type, in this case, the Java reverse shell.

Starting MSFConsole, selecting the multi handler module, setting and running the exploit:

Uploading the ASPX shell onto the web server’s root directory through FTP:

- `-f` to specify the format for the shell, in this case, ASPX.
- `LPORT` to specify the local port to connect to.
- `LHOST` to specify the localhost IP address to connect to.
- `-p` to specify the payload type, in this case, the Windows TCP Reverse Shell.

The first step is to generate some shellcode using MSFvenom with the following flags:

This means that through FTP it is possible to upload arbitrary files that will be served on the web server. This can be exploited by uploading malicious executable files and browsing to them to have the web server execute them.

Logging into it reveals the Microsoft IIS default index page:

Enumerating FTP

According to the Nmap scan, the FTP server allows anonymous authentication.

The first thing to do is to run a TCP Nmap scan against the 1000 most common ports, using the following flags:

Based on this scan, FTP and HTTP are open on the remote host, so the next steps will be to start enumerating them.

This was an easy Windows box that involved exploiting an open FTP server to upload an ASPX shell and gain remote access to the host, and the MS10-015 KiTrap0D vulnerability to escalate privileges to SYSTEM.