![]() ![]() We could look into various Potato attacks, which hinge on this user privilege. This allows us to, you guessed it, impersonate a user after authentication. The Lian user has SeImpersonatePrivilege enabled. I’ll begin the process by running a simple command to check what privileges our current user has. With access to the target as the low privileged user Lian we can start to enumerate the system and find our path to privilege escalation. Meterpreter session established from 172.31.1.20 We are logged in as Admin to the Wing FTP administration console. In this case I tried a few different username/password combinations. It won’t always be an easy win but sometimes you get lucky. I recommend doing this anytime you find a login page. Let’s try a couple of weak and or default password combinations. We find an administrative login page for Wing FTP. ![]() Let’s browse to this page and investigate. The one port that stands to me is port 8080. While we have multiple ports open most of the services being hosted on those ports require authentication and therefore credentials before we can connect to and utilize them. In the output we see multiple open ports, let’s drill into these and figure determine what to focus on first. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |