search

Scanning and Enumeration

hashtag
Scanning

nmap -p- 10.10.10.140
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
nmap -sC -sV -p 22,80 10.10.10.140

hashtag
Enumeration

hashtag

hashtag
Port 22

  • Appears to be default SSH, not much to work with until we find credentials

hashtag
Port 80

Magento Website
Running Gobuster scan
Reading through documentation we find creds.
LogoOn-premises installation overview | Adobe Commercedevdocs.magento.comchevron-right

hashtag
Scanning Magento

Version found

hashtag
Found path with sensitive information

  • root:fMVWh7bDHpgZkyfqQXreTjU9

hashtag
Potential Vulnerabilites

We don't have access with creds we found earlier, but we lets look at remote Code Execution script

hashtag
Analyzing 37977

Analyzing we learn that this is an SQL injection that creates an admin user of forme with credentials forme

PreviousSwagShopNextExploitation

Last updated