37 lines
989 B
Markdown
37 lines
989 B
Markdown
+++
|
|
title = "Exploiting the SFR Box + (NB6VAC)"
|
|
date = "2020-09-11"
|
|
author = "Aloïs Micard"
|
|
authorTwitter = "" #do not include @
|
|
cover = ""
|
|
tags = ["Pentest", "Security"]
|
|
keywords = ["", ""]
|
|
description = ""
|
|
showFullContent = false
|
|
draft = true
|
|
+++
|
|
|
|
# Enumeration phase
|
|
|
|
First of all, I have decided to run a simple nmap scan against the box:
|
|
|
|
```
|
|
PORT STATE SERVICE VERSION
|
|
53/tcp open domain dnsmasq UNKNOWN
|
|
80/tcp open http lighttpd
|
|
1287/tcp open routematch?
|
|
1288/tcp open ssh Dropbear sshd 2014.65 (protocol 2.0)
|
|
MAC Address: 60:35:C0:27:C1:58 (SFR)
|
|
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
|
|
```
|
|
|
|
The scan report has shown 3 interesting services running on the box, lets get more details
|
|
|
|
## Port 80 (the web-ui)
|
|
|
|
## Port 1287 (what the hell?)
|
|
|
|
## Port 1288 (SSH access)
|
|
|
|
The SSH server running on port 1288 is running on `Dropbear sshd 2014.65`
|
|
at this time of writing (2020-09-11) there was no interesting exploit that I could use.
|