10.129.1.103
Scanned the machine.
I saw ftp was open lets check if allows anonymous. Looks like it does but nothing is in there.
Nmap part finished.
Checked out the SMB instead.
Looks like tmp might be interesting. There’s a bunch of random files in there that I’m not getting any thoughts right away.
Started to download files to check out what they are.
The other files looked like I couldn’t download them. Will keep this stuff in the back of my head but I think this is a rabbit hole. Started searchsploiting versions and the ftp server looks interesting.
Opened up metasploit.
That didn’t work though.
SSH doesn’t look interesting. The only thing remaining that may be of user is port 3632. Not familiar with this port so I checked out hacktricks https://book.hacktricks.wiki/en/network-services-pentesting/3632-pentesting-distcc.html
Looks like I might be able to use a metasploit module.
I messed up RHOSTS, set that properly but it failed.
Nmap says its vulnerable though.
I ran searchsploit on the SMB version as I hadn’t done that and theres a lot of results.
Realized I missed a 0, reran searchsploit to narrow results as that’s a lot to sift through.
There’s a metasploit module. Let’s try that.
That worked.
I could upgrade the shell but not going to bother at this point.
Submit User Flag –
A: 8c00826f7186351b20251036e2c06c7e
Submit Root Flag –
A: 55f231e377ee99dacbcaedf46aa33891
GG
Hacking Insights by Max Bautista 
Leave a comment