Scanning and Enumeration

Scanning

nmap -p- 10.10.10.140
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
nmap -sC -sV -p 22,80 10.10.10.140

Enumeration

Port 22

  • Appears to be default SSH, not much to work with until we find credentials

Port 80

Magento Website
Running Gobuster scan
Reading through documentation we find creds.
https://devdocs.magento.com/guides/v2.4/install-gde/install/cli/install-cli-install.htmldevdocs.magento.com

Scanning Magento 

php magescan.phar scan:all http://10.10.10.140
Version found

Found path with sensitive information

  • root:fMVWh7bDHpgZkyfqQXreTjU9

Potential Vulnerabilites

We don't have access with creds we found earlier, but we lets look at remote Code Execution script

Analyzing 37977

Analyzing we learn that this is an SQL injection that creates an admin user of forme with credentials forme

PreviousSwagShopNextExploitation

Last updated

Was this helpful?