|_ /docs/: Potentially interesting folder
| /manager/html: Apache Tomcat (401 Unauthorized)
| /manager/html/upload: Apache Tomcat (401 Unauthorized)
| Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
| shared groups, may be susceptible to passive eavesdropping attacks.
| of insufficient strength, especially those using one of a few commonly
| Transport Layer Security (TLS) services that use Diffie-Hellman groups
| Diffie-Hellman Key Exchange Insufficient Group Strength
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-csrf: Couldn't find any CSRF vulnerabilities.

Vulnerabilities scan Results

nmap -script vuln 192.168.0.102

Nmap done: 1 IP address (1 host up) scanned in 148.76 seconds
|_ Message signing enabled but not required
|_ message_signing: disabled (dangerous, but default)
| OS CPE: cpe:/o:microsoft:windows_7::sp1
| OS: Windows 7 Enterprise 7601 Service Pack 1 (Windows 7 Enterprise 6.1)
Service Info: Host: IE11WIN7 OS: Windows CPE: cpe:/o:microsoft:windows
No exact OS matches for host (If you know what OS is running on it, see ).
|_http-open-proxy: Proxy might be redirecting requests
49152/tcp open msrpc Microsoft Windows RPC
49153/tcp open msrpc Microsoft Windows RPC
49154/tcp open msrpc Microsoft Windows RPC
49155/tcp open msrpc Microsoft Windows RPC
49156/tcp open msrpc Microsoft Windows RPC
49157/tcp open msrpc Microsoft Windows RPC
|_ajp-methods: Failed to get a valid response for the OPTION request
8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1
|_http-title: Site doesn't have a title (text/html).
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Windows 7 Enterprise 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
3389/tcp open ms-wbt-server Microsoft Terminal Service
| ftp-anon: Anonymous FTP login allowed (FTP code 230)

What services are running?

nmap -A -sV 192.168.0.102

The idea is to let Apache serve the static content when possible, but proxy the request to Tomcat for Tomcat related content. Historically, Apache has been much faster than Tomcat at serving static content. It is an optimized version of the HTTP protocol to allow a standalone web server such as Apache to talk to Tomcat.

Nmap done: 1 IP address (1 host up) scanned in 66.26 seconds

A Windows box, running a bunch of services like ftp, two http servers, smb and ajp.

AJP is a wire protocol.

OS details: Microsoft Windows Server 2008 R2 SP1, Microsoft Windows Vista Home Premium SP1, Windows 7, or Windows Server 2008
OS CPE: cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista::sp1:home_premium cpe:/o:microsoft:windows_7

Enumeration

OS Fingerprint

nmap -O 192.168.0.102

In this way, we can recover the FileZilla password on Windows server or desktop operating systems where you are using it to operate an FTP server.

Some fun I had hacking on a boot to root challenge I did with a mate recently.

Without decrypting anything in the XML file, you will see the last password used to access the FTP server created on FileZilla. Here we are using Internet Explorer, the default browser of Windows 10/8/7. You will find only a single file called “FileZilla Server Interface.xml”.

Double click on that FileZilla XML file; it will automatically open in the browser, or you can use Notepad as well. Inside AppData, open Roaming and then FileZilla Server. To do that, click on the View option in the Windows Explorer menu and check the Hidden items option. We need to access the AppData folder, which is hidden by default, so first we have to tell the PC to show hidden files.