Attack | Defense — Pivoting II Walkthrough
We have a switch between us and the first target, followed by another switch between target A and target B.
We start with our nmap scan to get an idea of what might be open on this subnet.
nmap -p- 184.108.40.206
Using the curl command, we identified the version of V-CMS.
V-CMS 1.0 is vulnerable to unauthenticated file upload and code execution. The Metasploit exploit/linux/http/vcms_upload module can be used to exploit this vulnerability.
The flag.txt file was located in the root directory.
The IP address of the network adapter eth1 is 220.127.116.11.
We used autoroute to route the traffic through 18.104.22.168.
We used the portscan module to identify the open ports on 22.214.171.124.
We used the vsftpd backdoor exploit to access the machine 126.96.36.199 and captured the flag from the root directory.
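Seen from the defender's side, the autoroute and portscan steps above appear as the first target itself opening connections to many ports on the second target, because the scan traffic leaves from the compromised host. The Python below is an added example, not part of the original walkthrough; the flow-record layout, the addresses and the thresholds are constructed assumptions.

```python
from collections import defaultdict

WEB = "10.0.1.5"   # constructed stand-in for target A's second interface
NEXT = "10.0.1.9"  # constructed stand-in for target B

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port).
SAMPLE_FLOWS = (
    # Scan-like burst: the web server touches 20 distinct ports in 20 seconds.
    [(1000 + i, WEB, NEXT, 20 + i) for i in range(20)]
    # Normal traffic: the web server reaching its database on one port.
    + [(1000 + 30 * i, WEB, "10.0.1.20", 3306) for i in range(15)]
    # A workstation is ignored because it is not in the server set.
    + [(1000 + i, "10.0.1.77", NEXT, 8000 + i) for i in range(20)]
)

def find_pivot_scans(flows, server_ips, min_ports=10, window=60):
    """Return sorted (src, dst, distinct_ports) for servers fanning out.

    server_ips lists hosts that normally only accept connections
    (an assumption about the monitored environment).
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port in flows:
        if src in server_ips:
            by_pair[(src, dst)].append((ts, port))

    alerts = []
    for (src, dst), events in by_pair.items():
        events.sort()
        start, best = 0, 0
        counts = defaultdict(int)  # port -> hits inside the current window
        for ts, port in events:
            counts[port] += 1
            # Drop events older than `window` seconds from the left edge.
            while ts - events[start][0] > window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= min_ports:
            alerts.append((src, dst, best))
    return sorted(alerts)

if __name__ == "__main__":
    for src, dst, n in find_pivot_scans(SAMPLE_FLOWS, {WEB}):
        print(f"{src} contacted {n} distinct ports on {dst} within 60s")
```

The sliding window keeps a slow trickle of connections from being counted as one burst, so the threshold and window should be tuned to the traffic the server normally originates.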