Starting with nmap. Scan all ports with masscan. Doing another scan on the open ports using the default scripts. Port 80 reveals a Drupal website. Looking at CHANGELOG.txt, we are using Drupal version 7.54. With some simple Google searching, we found another exploit here. Oops!! Let me try that again. Sweet! I am iusr. What can I do?? Let’s grab […]

Starting with nmap. Only three ports are open. On browsing http://10.10.10.11:8500, we see two directories. These two folders represent ColdFusion. http://10.10.10.11:8500/CFIDE/administrator reveals the following page: ColdFusion 6-10 is vulnerable to an LFI attack. From the above screenshot, we know the CF version is 8. We will use the following as suggested here. http://10.10.10.11/CFIDE/administrator/enter.cfm?locale=…………….\ColdFusion8\lib\password.properties%00en From above […]

Start the hack with nmap. Check if we have anonymous access or not. Nice, we have anonymous. Further, check if we can write there or not. I have already tested it and it came back positive. HTTP shows the server has IIS installed. We can upload the aspx webshell from FTP and try to access it from […]