Initial Enumeration So a Windows box with 3 ports open. Port 135: RPC There is a vulnerability for XP boxes for RPC on 135 and MSF has an exploit for it but it didn't work. Worth a shot but not this time. I suspect that port 49154 is the higher  port associated with the RPC Port 8500: fmtp? Google seems to think this is Flight Message Transfer Protocol. I tried connecting via netcat but didn't get much. Curl produced a result though: So an HTTP service. Let's see what it looks like in a browser:   I recognise those directory names from ColdFusion penetrations done Continue Reading

Initial Enumeration So we have a linux box with 2 open ports and a filtered port. Let's check out the ports in turn: 22/OpenSSH 7.5p2 Not much use at this stage. No known exploits for it and no usernames to even brute force 80/HTTP nginx 1.12.2 Browsing to the site shows: It's a Where's Waldo (that's Where's Wally to us Brits) themed site with a web app called List Manager. If you click Add List, a list is added and given the next number in the the sequence. And you can delete it with the Delete button. Viewing the page source we can see it uses a Javascript function called list.js and we Continue Reading