5 privesc

Found exploit for NSClient++
https://www.exploit-db.com/exploits/46802

# get nsclient pass
| located at c:\program files\nsclient++\nsclient.ini
nadine@SERVMON C:\Program Files\NSClient++>nscp web -- password --display
Current password: ew2x6SsGTxjRwXOT

# going to login to NSClient
https://servmon.htb:8443/index.html
# cant figure out login page in firefox
# checking chrome

https://servmon.htb:8443/index.html#/console
login page

Using ew2x6SsGTxjRwXOT,
ERROR: 403 Your not allowed.

nadine@SERVMON C:\Program Files\NSClient++>more c:\program files\nsclient++\nsclient.ini
# shows why it failing

; Undocumented key
allowed hosts = 127.0.0.1

# ssh port forward
$ ssh -L 8443:localhost:8443 nadine@10.10.10.184
# had to use chrome again
# login successful

# follow exploitdb
# didn't get shell
 | tried c:\\temp\\kashz.bat
 | 

Last updated