http [Initial Access]

At port 80

At port 50000

Looking At Subdirectory:

Found nothing interesting.

Found one exploit for version mentioned in nmap scan. But Condition to run this exploit is that debug mode should be on.

Werkzeug - 'Debug Shell' Command ExecutionExploit Database

Not sure about the debug mode is on or not. Let's run this and try.

After running exploit, It says that Debug is not enabled. So, Currently we cannot run this exploit.

Checking background of website at 50000 [Working]

I can see it is running on python.

when I passed data using curl. Value got evaluate. If i am getting right then this means that value is getting runned in background.

As We have Python. Let's try Python reverse shell code to try to get the shell.

This didn't give me a shell. Let's Run OS command of Python and see if it works.

We can see that the OS module is present. Then I tried to run the COmmand, and every time I ran the command, I got the value "0." I am guessing that this means that the command ran without error.

Now I will get the shell using NC. Start the Listener.

Then Run shell command:

You will get the shell.

Stabalize the shell.