search

Scanning and Enumeration

hashtag
Scanning 

kali@kali:~/HTB/Optimum$ nmap -sC -sV -p 80 10.10.10.8 -oN optimum 
Starting Nmap 7.91 ( https://nmap.org ) at 2020-11-20 19:14 EST
Nmap scan report for 10.10.10.8
Host is up (0.080s latency).

PORT   STATE SERVICE VERSION
80/tcp open  http    HttpFileServer httpd 2.3
|_http-server-header: HFS 2.3
|_http-title: HFS /
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 9.53 seconds

hashtag
Enumeration

LogoRejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (2)Exploit Databasechevron-right

Researching this vulnerability we are going to have to do the following:

  • Configure exploit to connect to a port on our attack machine

  • Set up an httpserver with nc.exe running

  • set up our listening

  • Run the python code

This exploit will grab the nc.exe from our server (port 80) execute it and run it and connect it to our attack machine. Further research of the exploit can be found here:

LogoNVD - CVE-2014-6287nvd.nist.govchevron-right

PreviousOptimumNextExploitation

Last updated