AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Download wing ftp server rce10/10/2023 ![]() ![]() So it works along with the webserver on port 80. It’s used as a database for a webserver and message broker among other things. I wasn’t familiar with Redis prior to this box, so I did google search and found Redis stands for Remote Dictionary Server. That leaves us with port 6379 and the service Redis. There are exploits for SSH, but in my experience SSH is used primarily in the post-exploitation phase either for privilege escalation or establishing a better shell once you’ve obtained credentials. I’ve mentioned this before but SSH on port 22 in terms of penetration testing is rarely the initial entry point for a box. However we don’t find anything else useful. Here again we confirm the hidden directories we found with Gobuster. When I encounter a webserver or a HTTP port I always can it with Nikto. Only a couple of directories and nothing that looks particularly interesting. gobuster dir –wordlist /usr/share/wordlists/dirb/big.txt –url 172.31.1.9ĭidn’t find very much using Gobuster. I’ll use Gobuster to find any hidden directories that might be lurking behind port 80. SSH on 22, a web server on 80, and a uncommon port of 6379 which is hosting Redis 4.0.8. ![]() Get in the habit of scanning all TCP ports, as with Red if you only scan the top 1000 ports you will miss port 6379. 64-bit Linux OS: Ubuntu 12+, CentOS 7.0+, Red Hat RHEL 7.0+.As per usual we start with a Nmap scan of the target.Install the new version without any change.Backup your data files to a safe place (copy the whole "/Data" directory).And if you are not sure which version is right for you, please see the edition difference here. ![]() If you need more features available in Standard/Secure/Corporate edition, please purchase a license and register it. After 30 days, you can continue using it as a Free edition for non-commercial use. ![]() Wing FTP Server is distributed under the shareware license, and you can download and evaluate a fully functional trial version for 30 days. ![]()
0 Comments
Read More
Leave a Reply. |