🧪 Pentest Log: {{date:2025-08-02}}

🔍 Target Information

• Machine Name: Fired
• IP Address: 192.168.217.96
• Operating System: Linux

ip=192.168.217.96

📡 Enumeration

🔌 Port Scanning

Command Used

ports=$(nmap -p- --min-rate=1000 -T4 $ip | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//) 

nmap -p$ports -sC -sV $ip -oN tcp_scan_result.txt

nmap -sU --top-ports 100 $ip -oN udp_scan_result.txt

Port 22

Port 9090

hadoop-datanode     Apache Hadoop

Openfire, Version: 4.7.3

found exploit CVE-2023-32315

Port 9091

8000/tcp open  http    ttyd 1.7.3-a2312cb (libwebsockets 3.2.0)
|_http-server-header: ttyd/1.7.3-a2312cb (libwebsockets/3.2.0)
|_http-title: ttyd - Terminal

Web Content Enumeration

gobuster dir -u http://$ip -w /usr/share/seclists/Discovery/Web-Content/common.txt

dirsearch -u http://$ip -r -o dirsearch.txt

💣 Exploitation

📌 Vulnerability Summary

• Service / Port: 9090
• Vulnerability Type: RCE

🚀 Exploit Execution

🔧 Exploit Method

• Manual
• Public Exploit
• Custom Script

Tool / Script Used:

CVE-2023-32315

https://github.com/miko550/CVE-2023-32315

🧬 Privilege Escalation

👤 Current Access

• User: openfire
• Groups: openfire
• Shell Type: webshell

🔍 Enumeration

Manual:

openfire@openfire:/var/lib/openfire/embedded-db$ cat openfire.script

found root password

INSERT INTO OFPROPERTY VALUES('mail.smtp.password','OpenFireAtEveryone',0,NULL)

🔓 Privilege Escalation Exploit

📌 Exploit Summary

• Technique Used: Password Reuse
• Target Binary/Service: N/A
• Reference / Source: N/A

🔧 Exploit Steps

• Smash to root

ssh root@$ip