Exploiting Port 6697 – Unreal IRCd
This service was already exploited in Metasploitable 2. But is it the same version?
It is not possible to determine the specific version running on Metasploitable3 but because there is only one exploit available in MSF, we better try it.
Like before, this is a very easy exploit:
This is a low privilege shell because boba_fett is not part of the sudo group. But he is also part of the docker group…
Exploiting Port 8181 – Ruby on Rails
The Ruby on Rails web application running on the system at port 8181 has a remote code execution vulnerability which can be exploited using the proper MSF module. However, this exploit requires knowledge of the secret used to sign the session cookie. How can we get that?
This is an important clue… cookies
Decoding cookie using Burp
Let’s capture the traffic with Burp Suite and see what we can find inside.
Fortunately, the web server conveniently sends us the secret in the Set-Cookie header.
Send everything to the decoder:
Now, use the smart decoder:
This will identify the breaks in the cookie code. Next, decode as Base64:
Andy you will have the cookie secret:
Now that we have the secret a7aebc287bba0ee4e64f947415a94e5f, we can use it to get our shell.
It is a root shell…!
Next post:
5 comments:
Cyberspaceshield is a company with group of certified hacker, who are always ready to assist you with all your cyber problems.
We’ve been in existence for ages now, we are reliable and helpful in terms of cyber bullying.
We can help you get all your cyber threats and bullies solved in less than what you can ever imagine.
These are somethings we specializes on:
➡️ Phone hacks/cloning
➡️ Credit scores Repair
➡️ Social media Hacks (Facebook, Instagram, tik tok).
➡️ Binary options
➡️ Binary Recovery
➡️ Clear criminal records etc.
The internet is full of scammers, that’s why we’re here to help you fight them out.
If you’ve been a victim of scam, don’t hesitate to write us on
EMAIL: Cyberspaceshield@gmail.com
Thank you!!!
**HIGH CREDIT SCORES SSN FULLZ AVAILABLE**
>For tax filling/return
>SSN dob DL all info included
>For SBA & PUA filling
>Fresh spammed & Fresh database
**TOOLS & TUTORIALS AVAILABLE FOR HACKING SPAMMING CARDING CASHOUTS CLONING**
=>Contact 24/7<=
Telegram> @killhacks
ICQ> 752822040
Skype> Peeterhacks
FRESHLY SPAMMED
VALID INFO WITH VALID DL EXPIRIES
*All info included*
NAME+SSN+DOB+DL+DL-STATE+ADDRESS
Employee & Bank details included
CC & CVV'S ONLY USA AVAILABLE
SSN+DOB
SSN+DOB+DL
High credit fullz 700+
(bulk order negotiable)
*Payment in all crypto currencies will be accepted
->You can buy few for testing
->Invalid info found, will be replaced
->Serious buyers contact me for long term business & excellent profit
->Genuine & Verified stuff
TOOLS & TUTORIALS AVAILABLE FOR
(Carding, spamming, hacking, scripting, scam page, Cash outs, dumps cash outs)
Ethical Hacking Tools & Tutorials
Kali linux
Facebook & Google hacking
SQL Injector
Bitcoin flasher
Viruses
Keylogger & Keystroke Logger
Logins Premium (Netflix, coinbase, FedEx, PayPal, Amazon, Banks etc)
Paypal Logins
Bulk SMS Sender
Bitcoin Cracker
SMTP Linux Root
DUMPS with pins track 1 and 2 with & without pin
Smtp's, Safe Socks, rdp's, VPN, Viruses
Cpanel
Php mailer
Server I.P's & Proxies
HQ Emails Combo (Gmail, yahoo, Hotmail, MSN, AOL, etc)
->Serious buyers are always welcome
->Big discount in bulk order
->Offer gives monthly, quareterly, half yearly & yearly)
->Hope we do a great business together
CONTACT 24/7
Telegram> @killhacks
ICQ> 752822040
Skype> Peeterhacks
What's Up Guy's
We're providing Fresh, Legit & Guaranteed Fullz/Pros, Tools & Tutorials
Genuine stuff & verified
exploit.tools4u at gmail dot com
@peeterhacks SKYPE/WICKR
ICQ\TG @killhacks
WA +92 317 272 1122
Packages are also available for
Spamming|Carding|Hacking|Cloning|Spying
SSN|DOB|DL fullz in Bulk quantity Available
High Credit Scores Pros (700+ scores)
(Spammed from credit bureau of USA)
Fullz CC with CVV available with below info
CCNumber|CVV|MM|YYYY|NAME|ADDRESS|SSN|DOB
Other necessary tools of these type of jobs are also available
Under professional Hackers guidance
Delivery available 24/7
Samples will be provided just for fullz
No testing for tools
If you wanna learn Hacking|Spamming we will guide you too
Searching for a reliable and efficient Laravel dev team? Choose Connect Infosoft Technologies for unrivaled Laravel development services. With a proven track record of successful projects and a talented team of Laravel experts, we are committed to delivering high-quality solutions tailored to your business requirements. Contact us now to embark on your Laravel development journey.
Selling Best And Genuine Spamming Tools Like,
*RDP
*SMTP
*cPanel Hosting
*WHM
*Email Leads
*Office 365 Email Leads
*Bulk Phone Number
*Residential Proxy
*Email Extractor
*Fullz Debit/Credit Card
And Many Working Spamming Tools And Scam Pages Are Available Here.
Website: https://toolz.store
ICQ: @cpanelmaster
TG: @cpanelmaster
Contact 24/7 Service Available.
Post a Comment