Use vi to create exploit.html and paste the powershell into it.cat the powershell_attack.txt file that Unicorn generated and copy it to the clipboard (make sure to avoid any extra spaces at the end or beginning).Restart the Metasploit Framework using the options generated by Unicorn.Follow the above syntax substituting Unicorn’s directory and the IP of the attack box and a random high port.
UPLOAD EXPLOIT SUGGESTER TO LOCAL UPGRADE
Upgrade Shell to Meterpreter with Unicorn ():
If something isn’t working, make sure Burp isn’t intercepting. Navigate to the payload page whose directory was shown in the Burp Repeater/response page. Start a ncat listener on port 4444 to catch the shell the callback the payload will generate. There should be a 200 reponse in the response section along with the directory it uploaded the payload to. Hit go on the Repeater tab and send it to 10.10.10.11 port 8500. Drop the POST request from the Proxy/intercept tab. Go to Burp and copy the POST request on the Proxy/intercept tab to the repeater tab on the request side. Go back to Metasploit and set rhost to 127.0.0.1 and exploit (Make sure intercept is on in Burp). If intercept is on in Burp, make sure to forward the request. Add a listener for port 8500 and loop back only option to redirect to 10.10.10.11 and port 8500.īrowse to localhost:8500 to test the listener in a web browser. Open up Burpsuite and navigate to the proxy options tab. The exploit failed because of the server’s long response time, so there is a little extra work to be done. Pull up the Metasploit Framework, and do a search for coldfusion. There’s a Metasploit module for an arbitrary file upload exploit. Use searchsploit to locate possible exploits. When navigating to port 8500 on a web browser, there is an interesting page in the /CFIDE/administrator directory. 
Port 8500 is the default port for Adobe Cold Fusion.Arctic Box Write-Up Author: Luke DuCharme ( Date Completed: 08 January 2019 Difficulty: Easy IP: 10.10.10.11 OS: Windows Enumeration with Nmap:
0 kommentar(er)
