OSCP
Total OSCP GuidePayloads All The Things
  • Welcome!
    • ⬆️Privilege Escalation
      • 🪟Windows
        • 📋Windows Privesc Checklist
        • 🚪Backdoor & RDP Access
        • Service Binary Hijacking
        • SeBackupPrivilege
        • SeRestorePrivilege
        • SeDebugPrivilege
        • SeEnableDelegationPrivilege
        • SeTakeOwnershipPrivilege
        • SeManageVolumePrivilege
        • SeLoadDriverPrivilege
        • DnsAdmins
        • Hyper-V Administrators
        • Server Operators
        • GPO
        • Mimikatz
        • Weak Permissions
        • Vulnerable Services
        • DLL Injection
        • Citrix Breakout
        • UAC
        • Credential Hunting
        • 🔎Windows Post Enumeration
        • 🥔Potatoes
      • 🐧Linux
        • 📋Linux Privesc Checklist
        • ✳️Sudo Tar Wildcard
        • nfs privesc
        • ↻ logrotate
        • Capabilities
        • Password Authentication Abuse
    • 🖥️Active Directory
      • 🔎AD Post Enumeration/Exploitation
        • 🔎Powerview
        • 🐶Bloodhound
      • 🔧AD Tools
      • 👾AD Exploitation
        • Post Exploitation
        • PowerShell
        • 🔥Asreproasting
        • 🔥Kerberoasting
        • 🔁DCSync
        • 🥇Golden Ticket Attacks
        • 🥈Silver Ticket Attack
        • PetitPotam
        • 🏃SMB Relaying
        • 📜Certificate Authority (CA)
        • Pass the Password or Pass the Hash
        • ➡️Lateral Movement
          • Child-to-Parent CIFS
          • ExtraSids
    • 🔎Enumeration
      • 📋Enumeration Checklist
      • SNMP Enumeration
      • IRC Enumeration
      • FTP Enumeration
      • SMTP Enumeration
      • TFTP Enumeration
      • RPC Enumeration
      • Postgres Enumeration
      • Ldap Enumeration
      • RPC Enumeration
      • Strategy
      • RDP Session Hijacking
      • Bullet Proof Strategy Methodology
    • 🕵️‍♂️Exploitation
      • Client Side Attacks
        • ODT Macro (Libreoffice)
        • Microsoft Office Macros
      • 🐚Shells & Payloads
      • 🔐Password Attacks
    • 🕸️Web Applications
      • SSRF
      • 📋Web Application Checklist
      • 💉SQL Injection
      • </> Command Injections
      • 🏞️Path Traversal & File Inclusion
      • 📤File Upload Attacks
      • 🔓IDOR(Insecure Direct Object References)
      • ❌XSS (Cross-Site Scripting)
      • 👽XXE(XML External Entity)
      • 🦪Log4Shell
      • 💻Abusing APIs
      • 📖Custom Wordlist
      • 📛Bypassing WAF
    • 🔀Pivoting
    • 📁File Transfer
    • Buffer Overflow
    • Miscellaneous
    • Ⓜ️Metasploit
    • 🚶 Walkthroughs
      • Hack The Box
        • Absolute HTB
        • Active HTB
        • Arctic HTB
        • Bank Robber HTB
        • Bashed HTB
        • BLUE HTB
        • Cerberus HTB
        • Devel HTB
        • Escape HTB
        • Forest HTB
        • Granny HTB
        • Headless HTB
        • Jerry HTB
        • Kioptrix
        • Lame HTB
        • Legacy HTB
        • Netmon HTB
        • Nibbles HTB
        • Node HTB
        • Optimum HTB
        • Pandora HTB
        • Sense Htb
        • Soccer HTB
        • Stream IO
        • Support HTB
        • Updown HTB
      • PG Practice
        • Access 2
          • 80
          • Exploit
        • Apex
          • 80
          • 445
          • 3306
          • Exploit
        • Astronaut
          • 80
          • Exploit
        • Auth By
          • 21
          • 242
          • 3145
        • Billyboss
          • 21
          • 8081
        • Boolean
          • 80
          • 33017
          • Exploit
        • Bullybox
          • 80
          • Exploit
        • Clue
          • 445
          • 3000
          • 8021
          • Exploit
        • Cockpit
          • 80
          • 9090
          • Exploit
        • DVR 4
          • 22
          • 8080
        • Extplorer
          • 80
          • Exploit
        • Fanatastic
          • 3000
          • Exploit
        • Fired
          • 9090
          • 9091
        • Flu
          • 8090
          • Exploit
        • Hawat
          • 17445
          • 30455
          • 50080
          • Exploit
        • Heist
          • 80
          • Exploit
        • Hepet
          • 25
          • 143
          • 20001
          • 79 Finger
          • 8000 Or 443
          • Exploit
        • Hetemit
          • 80
          • 18000
          • 50000
          • Exploit
        • Hokkaido
          • 445
          • 1433
        • Hunit
          • 8080
          • 12445
          • 18030
          • Exploit
        • Hutch
          • 80
          • 389
          • 445
        • La Vita
          • 80
        • Levram
          • 8000
        • Marketing
          • 80
          • Exploit
        • Medjed
          • 445
          • 8000
          • 30021
          • 33033
          • 44330
          • 45332
          • Med Jed
        • Mzeeav
          • 80
        • Nagoya
        • Nickel
          • 22
          • 80
          • 8089
          • 33333
        • Nukem
          • 80
          • Exploit
        • Ochima
          • 8338
        • Payday
          • 80
          • RPC
        • Pc
          • 8000
          • 65432
          • Exploit
        • Peppo
          • 22
          • 113
          • 8080
          • Exploit
        • Post Fish
          • 22
          • 80
          • 143
          • Exploit
        • Pyloader
          • 9666
          • Exploit
        • Quacker Jack
          • 80
          • 445
          • 8081
          • Exploit
        • Readys
          • 80
          • 6379
          • Exploit
        • Resourced
        • Roquefort
          • 3000
          • Exploit
        • Scrutiny
          • 80
        • Shenzi
          • 80
          • 445
          • 3306
          • Exploit
        • Slort
          • 8080
          • Exploit
        • Sorcerer
          • 80
          • 7742
          • 8080
          • Exploit
        • Squid
          • 445
          • 3128
          • 8080
          • Exploit
        • Sybaris
          • 21
          • 6379
          • Exploit
        • Walla
          • 23
          • 25
          • 8091
          • Exploit
        • Wombo
          • 80
          • 6379
          • 8080
          • Exploit
        • Xposedapi
          • 13337
        • Zen Photo
          • 23
          • 80
          • 3306
          • Exploit
        • Zipper
          • 80
        • Access
        • Algernon
        • Bratarina
        • Clam AV
        • Craft
        • Exfiltrated
        • Heist
        • Helpdesk
        • Hokkaido
        • Internal
        • Jacko
        • Kevin
        • Nibbles
        • Pebbles
        • Pelican
        • Snookums
        • Twiggy
        • Vault
      • Try Hack Me
        • All Signs Point 2 Pwnage
          • 21
          • 80
          • 445
        • Attacktive Directory
          • 445
          • Kerberos
        • Blueprint
          • 445
          • 8080
          • Exploit
        • Hack Park
          • 80
        • Relevent
          • 80
          • 443
          • 445
          • 49663
          • Exploit
        • Weasel
          • 445
          • 8888
          • Exploit
        • Wreath
          • MS 01
            • 22
            • 443
            • 10000
          • Ms 02
            • 80
          • Ms 03
            • 80
            • Exploit
        • Year Of The Owl
          • 80
          • 161
          • 445
          • 5985
          • Exploit
      • Vuln Lab
        • Baby
        • Baby 2
        • Bamboo
        • Breach
        • Bruno
        • Data
        • Delegate
        • Dump
        • Escape
        • Feedback
        • Forgotten
        • Hybrid
        • Job 2
        • Lock
        • Media
        • Reflection
        • Retro
        • Sendai
        • Slonik
        • Sync
        • Tengu
        • Trusted
Powered by GitBook
On this page
  • Host:
  • Nmap

Was this helpful?

  1. Welcome!
  2. 🚶 Walkthroughs
  3. PG Practice
  4. Wombo

Exploit

Host:

192.168.241.69

Nmap

PORT      STATE  SERVICE    REASON         VERSION
22/tcp    open   ssh        syn-ack ttl 61 OpenSSH 7.4p1 Debian 10+deb9u7 
53/tcp    closed domain     reset ttl 61
80/tcp    open   http       syn-ack ttl 61 nginx 1.10.3
| http-methods: 
|_  Supported Methods: GET HEAD
|_http-server-header: nginx/1.10.3
|_http-title: Welcome to nginx!
6379/tcp  open   redis      syn-ack ttl 61 Redis key-value store 5.0.9
8080/tcp  open   http-proxy syn-ack ttl 61
| http-robots.txt: 3 disallowed entries 
|_/admin/ /reset/ /compose
|_http-title: Home | NodeBB
| fingerprint-strings: 
|   FourOhFourRequest: 
|     HTTP/1.1 404 Not Found
|     X-DNS-Prefetch-Control: off
|     X-Frame-Options: SAMEORIGIN
|     X-Download-Options: noopen
|     X-Content-Type-Options: nosniff
|     X-XSS-Protection: 1; mode=block
|     Referrer-Policy: strict-origin-when-cross-origin
|     X-Powered-By: NodeBB
|     set-cookie: _csrf=_fAGXZd6zt-IRu05EQcAojCK; Path=/
|     Content-Type: text/html; charset=utf-8
|     Content-Length: 11098
|     ETag: W/"2b5a-wHHkGOtgjzzcHzMee6kkpHWkXLc"
|     Vary: Accept-Encoding
|     Date: Sun, 11 Aug 2024 05:47:22 GMT
|     Connection: close
|     <!DOCTYPE html>
|     <html lang="en-GB" data-dir="ltr" style="direction: ltr;" >
|     <head>
|     <title>Not Found | NodeBB</title>
|     <meta name="viewport" content="width&#x3D;device-width, initial-scale&#x3D;1.0" />
|     <meta name="content-type" content="text/html; charset=UTF-8" />
|     <meta name="apple-mobile-web-app-capable" content="yes" />
|     <meta name="mobile-web-app-capable" content="yes" />
|     <meta property="og:site_n
|   GetRequest: 
|     HTTP/1.1 200 OK
|     X-DNS-Prefetch-Control: off
|     X-Frame-Options: SAMEORIGIN
|     X-Download-Options: noopen
|     X-Content-Type-Options: nosniff
|     X-XSS-Protection: 1; mode=block
|     Referrer-Policy: strict-origin-when-cross-origin
|     X-Powered-By: NodeBB
|     set-cookie: _csrf=weciDVIbnvwq0V-l08hcj-3R; Path=/
|     Content-Type: text/html; charset=utf-8
|     Content-Length: 18181
|     ETag: W/"4705-fYjWFhU+316FwkhFlfWfiBv9Y/s"
|     Vary: Accept-Encoding
|     Date: Sun, 11 Aug 2024 05:47:22 GMT
|     Connection: close
|     <!DOCTYPE html>
|     <html lang="en-GB" data-dir="ltr" style="direction: ltr;" >
|     <head>
|     <title>Home | NodeBB</title>
|     <meta name="viewport" content="width&#x3D;device-width, initial-scale&#x3D;1.0" />
|     <meta name="content-type" content="text/html; charset=UTF-8" />
|     <meta name="apple-mobile-web-app-capable" content="yes" />
|     <meta name="mobile-web-app-capable" content="yes" />
|     <meta property="og:site_name" content
|   HTTPOptions: 
|     HTTP/1.1 200 OK
|     X-DNS-Prefetch-Control: off
|     X-Frame-Options: SAMEORIGIN
|     X-Download-Options: noopen
|     X-Content-Type-Options: nosniff
|     X-XSS-Protection: 1; mode=block
|     Referrer-Policy: strict-origin-when-cross-origin
|     X-Powered-By: NodeBB
|     Allow: GET,HEAD
|     Content-Type: text/html; charset=utf-8
|     Content-Length: 8
|     ETag: W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
|     Vary: Accept-Encoding
|     Date: Sun, 11 Aug 2024 05:47:22 GMT
|     Connection: close
|     GET,HEAD
|   RTSPRequest: 
|     HTTP/1.1 400 Bad Request
|_    Connection: close
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-favicon: Unknown favicon MD5: 152FF7D5AE5BDB84B33D4DCA31EB7CD3
27017/tcp open   mongodb    syn-ack ttl 61 MongoDB
| fingerprint-strings: 
|   FourOhFourRequest, GetRequest, OfficeScan, apple-iphoto, docker, hazelcast-http, metasploit-msgrpc: 
|     HTTP/1.0 200 OK
|     Connection: close
|     Content-Type: text/plain
|     Content-Length: 85
|     looks like you are trying to access MongoDB over HTTP on the native driver port.
|   mongodb: 
|     errmsg
|     command serverStatus requires authentication
|     code
|     codeName
|_    Unauthorized
| mongodb-databases: 
|   errmsg = command listDatabases requires authentication
|   ok = 0.0
|   codeName = Unauthorized
|_  code = 13
| mongodb-info: 
|   MongoDB Build info
|     buildEnvironment
|       distarch = x86_64
|       distmod = debian92
|       target_os = linux
|       ccflags = -fno-omit-frame-pointer -fno-strict-aliasing -ggdb -pthread -Wall -Wsign-compare -Wno-unknown-pragmas -Winvalid-pch -Werror -O2 -Wno-unused-local-typedefs -Wno-unused-function -Wno-deprecated-declarations -Wno-unused-but-set-variable -Wno-missing-braces -fstack-protector-strong -fno-builtin-memcmp
|       cc = /opt/mongodbtoolchain/v2/bin/gcc: gcc (GCC) 5.4.0
|       cxx = /opt/mongodbtoolchain/v2/bin/g++: g++ (GCC) 5.4.0
|       cxxflags = -Woverloaded-virtual -Wno-maybe-uninitialized -std=c++14
|       linkflags = -pthread -Wl,-z,now -rdynamic -Wl,--fatal-warnings -fstack-protector-strong -fuse-ld=gold -Wl,--build-id -Wl,--hash-style=gnu -Wl,-z,noexecstack -Wl,--warn-execstack -Wl,-z,relro
|       target_arch = x86_64
|     ok = 1.0
|     storageEngines
|       1 = ephemeralForTest
|       2 = mmapv1
|       3 = wiredTiger
|       0 = devnull
|     gitVersion = 6883bdfb8b8cff32176b1fd176df04da9165fd67
|     maxBsonObjectSize = 16777216
|     debug = false
|     modules
|     allocator = tcmalloc
|     versionArray
|       1 = 0
|       2 = 18
|       3 = 0
|       0 = 4
|     version = 4.0.18
|     openssl
|       compiled = OpenSSL 1.1.0l  10 Sep 2019
|       running = OpenSSL 1.1.0l  10 Sep 2019
|     sysInfo = deprecated
|     bits = 64
|     javascriptEngine = mozjs
|   Server status
|     errmsg = command serverStatus requires authentication
|     ok = 0.0
|     codeName = Unauthorized
|_    code = 13
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at 

UDP?

Previous8080NextXposedapi

Last updated 8 months ago

Was this helpful?