(07-21-2016, 02:33 AM)koboi Wrote: IP 10.10.14.92, port 80 is open, for exploiting the web server. You can try vulnerability assessment tools like vega, dirsearch, etc.
How to exploit it depends on the knowledge we have. For example, if the site has a user registration form, we can use the tamper data technique to plant a shell. Or SQL injection, etc.
Ports 139/445 are the Samba ports; you can use the Windows XP netapi exploit or one of the other Samba exploits. It depends on luck.
For an explanation of the other ports, we can check with the curl command or open them in a web browser, giving the IP address + port. For example:
root@backbox~# curl http://10.10.14.92:2105/
The purpose is really just to check. Beyond that, you can research the vulnerabilities present on that network yourself.
I have the full one; hah, here I already exploited SMBv2 but it didn't work.
Nmap scan report for 10.10.14.32
Host is up (0.00045s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
53/tcp filtered domain
80/tcp open http
|_http-cross-domain-policy: ERROR: Script execution failed (use -d to debug)
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=10.10.14.32
| Found the following possible CSRF vulnerabilities:
|
| Path: http://10.10.14.32:80/
| Form id: wl_crypto
| Form action: apply.cgi
|
| Path: http://10.10.14.32/#
| Form id: wl_crypto
|_ Form action: apply.cgi
| http-dombased-xss:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=10.10.14.32
| Found the following indications of potential DOM based XSS:
|
| Source: document.writeln("<input type='button' class='button' id='btnReset' value='"+share.sbuttonwizcancle+"' onClick='window.location.reload()
|_ Pages: http://10.10.14.32:80/, http://10.10.14.32/#
|_http-fileupload-exploiter:
|_http-frontpage-login: false
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
1248/tcp filtered hermes
2869/tcp filtered icslap
MAC Address: C4:43:8F:AF:4B:59 (LG Electronics)
Nmap scan report for 10.10.14.38
Host is up (0.0011s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
5357/tcp open wsdapi
MAC Address: B0:5A:DA:DB:43:C5 (Hewlett Packard)
Host script results:
|_samba-vuln-cve-2012-1182: SMB: ERROR: Server disconnected the connection
| smb-vuln-cve2009-3103:
| VULNERABLE:
| SMBv2 exploit (CVE-2009-3103, Microsoft Security Advisory 975497)
| State: VULNERABLE
| IDs: CVE:CVE-2009-3103
| Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2,
| Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a
| denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE
| PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location,
| aka "SMBv2 Negotiation Vulnerability."
|
| Disclosure date: 2009-09-08
| References:
| http://www.cve.mitre.org/cgi-bin/cvename...-2009-3103
|_ https://cve.mitre.org/cgi-bin/cvename.cg...-2009-3103
|_smb-vuln-ms10-054: false
|_smb-vuln-ms10-061: SMB: Failed to receive bytes after 5 attempts: TIMEOUT
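Two small helpers, added here as an example and not code from either poster: the first turns Nmap's grepable output into the per-port curl checks koboi's quoted post describes, so the port list is not typed by hand; the second triages the script results of a scan like the one posted above and keeps "State: VULNERABLE" apart from scripts that ended in ERROR or TIMEOUT (samba-vuln-cve-2012-1182 and smb-vuln-ms10-061 in the output above), because a probe that failed is not evidence that the host is safe. Both sample inputs are constructed for illustration; the ports in SAMPLE_GNMAP and the abridged SAMPLE_NMAP are not the thread's real scan data.

```shell
#!/bin/sh
# Added example, not code from the thread. Both helpers read Nmap output only;
# the sample inputs below are constructed for illustration.

# --- 1. Probe every open TCP port with curl, as the quoted post suggests ---

# Constructed sample of grepable output (`nmap -oG -`); the ports are made up.
SAMPLE_GNMAP='Host: 10.10.14.92 ()  Status: Up
Host: 10.10.14.92 ()  Ports: 80/open/tcp//http///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 2105/open/tcp//eklogin///, 53/filtered/tcp//domain///  Ignored State: closed (995)'

# open_tcp_ports GNMAP_TEXT IP -> one open TCP port per line
open_tcp_ports() {
  printf '%s\n' "$1" | LC_ALL=C awk -v ip="$2" '
    $2 == ip && /Ports:/ {
      sub(/.*Ports: /, "")
      n = split($0, items, ", ")
      for (i = 1; i <= n; i++) {
        split(items[i], f, "/")          # port/state/proto/owner/service/...
        if (f[2] == "open" && f[3] == "tcp") print f[1]
      }
    }'
}

# curl_probe_cmds GNMAP_TEXT IP -> the curl command line for each open port
curl_probe_cmds() {
  open_tcp_ports "$1" "$2" | while read -r port; do
    # -s silent, -m 5 give up after 5 s, -i include the response headers
    printf 'curl -s -m 5 -i http://%s:%s/\n' "$2" "$port"
  done
}

# run_probes GNMAP_TEXT IP: actually execute the probes (needs network access)
run_probes() {
  curl_probe_cmds "$1" "$2" | while read -r cmd; do
    printf '== %s ==\n' "$cmd"
    $cmd | head -c 400 || true
    printf '\n'
  done
}

# --- 2. Triage the script results of a vuln scan like the one posted above ---

# Constructed sample modelled on (and abridged from) the posted output.
SAMPLE_NMAP=$(cat <<'EOF'
Nmap scan report for 10.10.14.32
Host is up (0.00045s latency).
PORT    STATE SERVICE
80/tcp  open  http
|_http-cross-domain-policy: ERROR: Script execution failed (use -d to debug)
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
Nmap scan report for 10.10.14.38
Host is up (0.0011s latency).
PORT    STATE SERVICE
445/tcp open  microsoft-ds
Host script results:
|_samba-vuln-cve-2012-1182: SMB: ERROR: Server disconnected the connection
| smb-vuln-cve2009-3103:
|   VULNERABLE:
|   SMBv2 exploit (CVE-2009-3103, Microsoft Security Advisory 975497)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2009-3103
|_smb-vuln-ms10-054: false
|_smb-vuln-ms10-061: SMB: Failed to receive bytes after 5 attempts: TIMEOUT
EOF
)

# triage_nmap_vuln NMAP_TEXT -> "host script-id STATE" lines.
# Scripts that ended in ERROR or TIMEOUT are reported as UNCHECKED: a probe
# that failed says nothing either way about the host.
triage_nmap_vuln() {
  printf '%s\n' "$1" | LC_ALL=C awk '
    /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host); id = "" }
    /^[|]_[a-z0-9-]+: / {                 # one-line result: |_script-id: text
      id = $1; sub(/^[|]_/, "", id); sub(/:$/, "", id)
      if ($0 ~ /ERROR|TIMEOUT/) print host, id, "UNCHECKED"
      id = ""; next
    }
    /^[|] [a-z0-9-]+:$/ { id = $2; sub(/:$/, "", id); next }   # block header
    /State: / && id != "" { s = $0; sub(/.*State: /, "", s); print host, id, s }
  '
}
```

Usage: `curl_probe_cmds "$SAMPLE_GNMAP" 10.10.14.92` prints the four curl lines; `triage_nmap_vuln "$SAMPLE_NMAP"` prints one line per finding, and the UNCHECKED entries are the ones to re-run (for example with `-d` as the ERROR line itself suggests) before concluding anything about those hosts.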
Sorry bro.. if I may ask, what command did you use for the scan?