import requests import json import ast import sys if len ( sys.

# Exploit Title: ES File Explorer 4.1.9.7.4 - Arbitrary File Read

Root kali:~/htb/explore# more 50070.py

When I try to connect I get prompted to install ADB first:

Still it's worth a poke to start with, and I find a good post here that gives the basics of ADB and how to access it.

This is usually accessible over the network, but the nmap scan shows it as filtered.

The list of ports confirms this, with a few interesting ones to look at further:

2222/tcp open ssh SSH-2.0-SSH Server - Banana Studio

First I tried port 5555, which for Android devices is usually the Android Debug Bridge Daemon (ADB).

Nmap done: 1 IP address (1 host up) scanned in 59.84 seconds

From the box description we know this is an emulated Android device.

=NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)=

Skills learned are working with Android devices and ADB. Skills required are enumeration and researching exploits.

From there we get an ADB shell which lets us escalate to root to complete the box.

We use port forwarding via SSH to allow us to access the ADB daemon running internally on port 5555.

We use a public exploit for arbitrary file access and retrieve credentials which allow us to gain access via SSH.

This box is a little different because we're working on an Android device; however, the goal is the same: we still want that root flag! After an initial enumeration we find a number of open ports.

We can use the below command in the terminal to fetch and enumerate more stuff than we can via the PoC.

Explore is rated as an easy machine on HackTheBox.

Here, actually /sdcard is a symlink to /storage/emulated/0

After inspecting how the PoC works, we can see that the poc.py is POSTing data/payload on port 59777.

We can see the /sdcard is the starting directory, i.e.

We run the poc.py from the Github repo on our target.
The proof-of-concept is also listed on this post:

ES File Explorer Open Port Vulnerability - CVE-2019-6447

The application starts an HTTP server every time the app is launched.

This post explains how a vulnerability in ES File Explorer application exposes user data.

We search for android port 59777 and we get Android file manager app exposing user data through open port as 1st result.

Hence open ports are: 59777, 42135, 2222, 5555

Foothold

# Open Port Vuln in popular app

# Nmap done at Sun Jul 4 11:16:39 2021 - 1 IP address (1 host up) scanned in 28.09 seconds

If you know the service/version, please submit the following fingerprint at :