ClamAV
Writeup for ClamAV from OffSec Proving Grounds
Information Gathering
sudo nmapAutomator.sh 192.168.220.42 all
Service Enumeration
HTTP (Port 80)
We see that there is some binary on the page.
We can use CyberChef to decode it; however, it doesn't seem too useful.
We also try running gobuster on it, but there isn't anything interesting.
SMB (Port 139,445)
No interesting shares on SMB either.
SMTP (Port 25)
We search for the box name and see that there is an RCE exploit involving SMTP.
Exploit
Notice that the script opens port 31337 and calls a shell there.
We run the script and it executes without any errors.
Checking port 31337, we see that it is closed before running the Perl script and open afterwards.
We can then connect to it and give the flag -i to get an interactive shell.
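The before/after check on port 31337 is also a usable detection on the host side. The following added example (not part of the original writeup) diffs two listening-socket snapshots in the format printed by `ss -ltnpH` and reports listeners that appeared in between; the snapshot contents, process names and function names are constructed for illustration.

```python
import re

# Constructed `ss -ltnpH` snapshots (not captured from the box): before and after.
BEFORE = """\
LISTEN 0 10 0.0.0.0:25 0.0.0.0:* users:(("sendmail-mta",pid=812,fd=4))
LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("apache2",pid=640,fd=3))
LISTEN 0 50 0.0.0.0:139 0.0.0.0:* users:(("smbd",pid=701,fd=20))
LISTEN 0 50 0.0.0.0:445 0.0.0.0:* users:(("smbd",pid=701,fd=19))
"""
# Constructed: the owning process name "inetd" is an assumption for the sample.
AFTER = BEFORE + 'LISTEN 0 5 0.0.0.0:31337 0.0.0.0:* users:(("inetd",pid=903,fd=5))\n'

SHELLS = {"sh", "bash", "dash", "ksh", "zsh", "csh", "tcsh"}
PROC_RE = re.compile(r'\(\("([^"]+)"')

def parse_listeners(ss_output):
    """Map (address, port) -> owning process name for each LISTEN line."""
    listeners = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # rpartition splits on the last colon, so "[::]:80" parses correctly.
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        m = PROC_RE.search(line)
        listeners[(addr, int(port))] = m.group(1) if m else "unknown"
    return listeners

def new_listeners(before, after, known_ports=frozenset()):
    """Return findings for sockets present in `after` but not in `before`."""
    old, new = parse_listeners(before), parse_listeners(after)
    findings = []
    for (addr, port), proc in sorted(new.items(), key=lambda kv: kv[0][1]):
        if (addr, port) in old or port in known_ports:
            continue
        # Wildcard binds and shell-owned sockets are rated higher.
        exposed = addr in ("0.0.0.0", "*", "[::]")
        severity = "high" if exposed or proc in SHELLS else "medium"
        findings.append({"addr": addr, "port": port, "proc": proc, "severity": severity})
    return findings

if __name__ == "__main__":
    for f in new_listeners(BEFORE, AFTER):
        print(f"[{f['severity']}] new listener {f['addr']}:{f['port']} owned by {f['proc']}")
```

Run against periodic snapshots, with `known_ports` holding the services the host is expected to expose, this reports only unexpected listeners.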