11/2020

Description:

Target IP: 10.10.10.180. This machine runs an HTTP service on port 80 and an SMB service on port 445. The server uses Umbraco CMS version 7.12.4, which is susceptible to a remote file execution exploit.

Foothold gained by leveraging said vulnerability to spawn a reverse shell.

The vulnerability requires administrator privileges on the Umbraco configuration page.

A user credential is exposed in a shared directory of the SMB service (the /site_backups/Umbraco.sdf file).

Privilege escalation via WinPEAS (Windows Privilege Escalation Awesome Scripts)

Difficulty:

easy

Flags:

User: 1df7a734d801cafa8315a224f518ec7a

Root: 01180bb31b3923b11ed8e4c8dd3afc15

Enumeration

Nmap port scan result.

Services discovered: FTP (21), HTTP (80), RPC (135), Portmapper (111), SMB (445), Network filesystem (2049).

Target is a Windows host.

<aside> 💡

Portmapper is a service that is utilized for mapping network service ports to RPC (Remote Procedure Call) program numbers.

</aside>

<aside> 💡

Network File System (NFS) is a client/server system that lets users access files over a network as though those files were located in a local directory.

</aside>

Examining the web application hosted on the server
