![]() ![]() ![]() Having gained access to the machine as u0_a76, we look for ways to privilege escalate. Looking in the /sdcard directory, we find user.txt. Using the credentials, we are able to SSH into the machine, however, we are logged in as u0_a76. After opening it, we are given credentials for the kristi user.Įxploiting port 59777 to get user credentials Using the script, we are able to download the picture. Using the exploit, we eventually find a picture named creds.jpg. From the CVE, we are also linked to an exploit hosted on GitHub. Further research reveals the application may be vulnerable to CVE-2019-6447, which allows arbitrary read, write, and application execution. Based on our research, the service is likely owned by ES File Explorer. Seeing as port 59777 appears to be a file/web server of some sort, we research the port further. Using gobuster to enumerate port 59777 Getting User Once gobuster completes, we have results for what appears to be the root directory of an Android device. When we do this, we get “FORBIDDEN: No directory listing” message.Īs this appears to be a webserver, we attempt to scan it with gobuster. Lastly, as we do not have any clues as to what port 39777 is, we decide to open it in the browser. Looking at the results for port 36957, the we do not have much detail as to exactly what is being hosted there. Next, according to research, port 5555 is the Android Debug Bridge (ADB), but it is filtered, so there is not much we can do with it currently either. # Nmap done at Sat Jun 26 14:35:44 2021 - 1 IP address (1 host up) scanned in 123.94 secondsīased on the results, port 2222 is an SSH server, so not much we can do there. No exact OS matches for host (test conditions non-ideal). ![]() | Content-Type: text/plain charset=US-ASCII ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |