Tuesday, 19 July 2016

Scream challenge


This challenge is a vulnerable Windows XP machine. Thanks to g0tm1lk for preparing the challenge.

Scanning all TCP ports in aggressive mode.

Good, now we know which services our target is running. To be honest, I am a little surprised: only four open ports is a good result for Windows. We can see that we are able to log in to FTP as an anonymous user. As far as I know, this FTP version has a publicly known buffer overflow exploit.
Even though we can log in as anonymous, let's browse the web application.

Wow! So beautiful! I ran dirb, but it didn't find any website... So, we have to focus on FTP.

OK, we know that the pages are in the root directory, so maybe we will be able to upload our reverse shell script? Unfortunately, the anonymous user does not have enough privileges for each directory.
I also tried Metasploit exploits, but without success... Let's try playing with SSH.
BINGO! We can use the freesshd_authbypass exploit and we will get SYSTEM privileges (the equivalent of root on a Unix distribution).
Game Over!