🔬 Windows: Workflow Platform

Nmap scan

Observations:

  1. the OS is Windows Server, somewhere between 2008 R2 and 2012

  2. a web server is running, using PHP

  3. a MySQL server is running, but we can't access it (unauthorized): this suggests that either no credentials were supplied during the scan or the scan was unable to authenticate to the MySQL service.

  4. RDP is running, but we don't know any credentials

Start from the web server, which seems more promising, and simply open it in the browser to see what you find (a web app called ProcessMaker).

Looking at the page source (Ctrl+U) and at the footer doesn't reveal any version we could use to check for exploits.

💡 Search for default credentials online --> user: admin | password: admin

Once logged in, under ADMIN > Settings you can find the app version. You can also see why a MySQL database is running.

Since the lab doesn't have internet access, we need to use searchsploit:

searchsploit processmaker

We have credentials, so copy that exploit locally to check its code.

searchsploit -m 29325

The description tells us what it does. To exit the vim editor, press ESC and then type :q!.

Since it's a Metasploit module, open msfconsole and create a new workspace.

search ProcessMaker

The exploit we were looking for is exploit/multi/http/processmaker_exec.

Set RHOST and then run the exploit.