5 privesc
Found exploit for NSClient++
https://www.exploit-db.com/exploits/46802
# get nsclient pass
| located at c:\program files\nsclient++\nsclient.ini
nadine@SERVMON C:\Program Files\NSClient++>nscp web -- password --display
Current password: ew2x6SsGTxjRwXOT
# going to login to NSClient
https://servmon.htb:8443/index.html
# cant figure out login page in firefox
# checking chrome
https://servmon.htb:8443/index.html#/console
login page
Using ew2x6SsGTxjRwXOT,
ERROR: 403 Your not allowed.
nadine@SERVMON C:\Program Files\NSClient++>more c:\program files\nsclient++\nsclient.ini
# shows why it failing
; Undocumented key
allowed hosts = 127.0.0.1
# ssh port forward
$ ssh -L 8443:localhost:8443 nadine@10.10.10.184
# had to use chrome again
# login successful
# follow exploitdb
# didn't get shell
| tried c:\\temp\\kashz.bat
|
Last updated