this is the first nmap.
after this I open Sparta for automatic recconaissance. In this case the machine have an open 80 port. so Nikto will be lauched by Sparta.
on the port 80 there’s the default IIS 7 page
the server version is IIS-7.5
Nmap discovered the port 21 open.
Sparta discovered an ftp server with anonymous access:
so I tried to log on with ftp client and test a directory listing
let’s try to upload something with the ftp server
Create a new payload with msfvenom
upload is allowed
create an handler on msfconsole (allowed on OSCP!)
and we have a successful exploit
meterpreter is running as
find an exploit suitable with this environment
I’ve found an exploit suitable for this machine
I downloaded and compiled it from my kali. this is the command:
i686-w64-mingw32-gcc exploit.c –o exploit.exe] –lws2_32
after this upload the exploit.exe file to the machine. Use the FTP server in binary mode for the transfer.
after this, simply run the command from the meterpreter shell and…