Add WIP post
This commit is contained in:
Aloïs Micard
parent
b3c3738311
commit
cf961980e9
1 changed files with 37 additions and 0 deletions
37
content/posts/exploiting-sfr-box.md
Normal file
37
content/posts/exploiting-sfr-box.md
Normal file
|
|
@ -0,0 +1,37 @@
|
|||
+++
|
||||
title = "Exploiting the SFR Box + (NB6VAC)"
|
||||
date = "2020-09-11"
|
||||
author = "Aloïs Micard"
|
||||
authorTwitter = "" #do not include @
|
||||
cover = ""
|
||||
tags = ["Pentest", "Security"]
|
||||
keywords = ["", ""]
|
||||
description = ""
|
||||
showFullContent = false
|
||||
draft = true
|
||||
+++
|
||||
|
||||
# Enumeration phase
|
||||
|
||||
First of all, I have decided to run a simple nmap scan against the box:
|
||||
|
||||
```
|
||||
PORT STATE SERVICE VERSION
|
||||
53/tcp open domain dnsmasq UNKNOWN
|
||||
80/tcp open http lighttpd
|
||||
1287/tcp open routematch?
|
||||
1288/tcp open ssh Dropbear sshd 2014.65 (protocol 2.0)
|
||||
MAC Address: 60:35:C0:27:C1:58 (SFR)
|
||||
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
|
||||
```
|
||||
|
||||
The scan report has shown 3 interesting services running on the box, lets get more details
|
||||
|
||||
## Port 80 (the web-ui)
|
||||
|
||||
## Port 1287 (what the hell?)
|
||||
|
||||
## Port 1288 (SSH access)
|
||||
|
||||
The SSH server running on port 1288 is running on `Dropbear sshd 2014.65`
|
||||
at this time of writing (2020-09-11) there was no interesting exploit that I could use.
|
||||
Loading…
Add table
Add a link
Reference in a new issue