creekorful/blog
1
0
Fork 0
Code Issues 7 Pull requests Projects Releases Packages Wiki Activity Actions
blog/content/posts/exploiting-sfr-box.md
Aloïs Micard cf961980e9 Add WIP post
2020-09-11 16:41:42 +02:00

989 B
Raw Permalink Blame History

+++ title = "Exploiting the SFR Box + (NB6VAC)" date = "2020-09-11" author = "Aloïs Micard" authorTwitter = "" #do not include @ cover = "" tags = ["Pentest", "Security"] keywords = ["", ""] description = "" showFullContent = false draft = true +++

Enumeration phase

First of all, I have decided to run a simple nmap scan against the box:

PORT     STATE SERVICE     VERSION
53/tcp   open  domain      dnsmasq UNKNOWN
80/tcp   open  http        lighttpd
1287/tcp open  routematch?
1288/tcp open  ssh         Dropbear sshd 2014.65 (protocol 2.0)
MAC Address: 60:35:C0:27:C1:58 (SFR)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

The scan report has shown 3 interesting services running on the box, lets get more details

Port 80 (the web-ui)

Port 1287 (what the hell?)

Port 1288 (SSH access)

The SSH server running on port 1288 is running on Dropbear sshd 2014.65 at this time of writing (2020-09-11) there was no interesting exploit that I could use.