The version of `war-ftpd` that was running seemed to be vulnerable to a buffer overflow (http://www.securityfocus.com/bid/22944/info), but some manual attempts at causing the overflow were unsuccessful, suggesting this may actually be patched or a misidentification.
Service Discovery
A full port scan using masscan (`masscan -p 0-65535 10.2.0.104 --rate=500`) revealed three open ports: 22, 80 and 6667. Nmap subsequently fingerprinted the services on these ports as OpenSSH, Apache and ngircd:
Service Discovery
Running a port scan of the top 1000 ports using Nmap (`nmap -sS -sV -sC -vv 10.2.0.104`) revealed that the machine has a number of different public-facing services, one of which Nmap was unable to fingerprint:
Service Discovery
Running Nmap (`nmap -sS -sV -Pn -vv -T4 10.2.0.104`) revealed that SSH, Apache and Samba are all running on the host:
Exploiting the Web Server
Running Nmap (`nmap -sS -sV -Pn -T4 -vv 192.168.22.131`) showed that only two services seemed to be exposed on this machine (SSH and Apache), so I jumped straight into looking at the web server.