Attack | Defense — Pivoting II Walkthrough

Akash c
2 min readApr 22, 2021

--

Network Topology

We have a switch between us and the first target. Followed by another switch between target A and target B.

Enumeration

I start with the nmap scan to get an idea of what might be open on this subnet.

Command:
nmap -p- 192.141.250.2

Results:

Using curl command i identified the version of V-CMS

The V-CMS 1.0 is vulnerable to unauthenticated file upload and code execution vulnerability, The Metasploit exploit/linux/http/vcms_upload module can be used to exploit this vulnerability.

During the exploitation process, I was able to locate the flag.txt file on the root directory of the target system.

The IP address of the network adapter eth1 was identified as 192.39.151.2.

In order to route the traffic through this adapter, I used the autoroute tool.

I then used the portscan module to identify open ports on the target system at IP address 192.39.151.3.

The port scan led to the discovery of a vulnerable vsftp service, which I exploited using the vsftp backdoor exploit. This allowed me to gain access to the target system and successfully capture the flag from the root directory.

--

--

Akash c
Akash c

No responses yet