Web
Nmap discovered a web server running on port 80 of the target
Webroot
It appears to be a custom website
Wappalyzer identified the technologies involved. It shows that the web server is running on Umbraco and is written in ASP.NET
Umbraco is an open-source content management system (CMS) platform for publishing content on the World Wide Web and intranets.
The “Contact” page has a button to an external link
Admin Panel
Clicking the button led to a login page.
This must be the login page to the administrative web GUI panel for Umbraco CMS
I will use the credential extracted from the NFS share that contained a backup of the web server
Successfully logged in to the administrative Web GUI panel
I can also see the users.
The ssmith user is confirmed to be a valid user for the Umbraco CMS
I also found the version information
Umbraco 7.12.4
Vulnerability
┌──(kali㉿kali)-[~/archive/htb/labs/remote]
└─$ searchsploit Umbraco CMS 7.12.4
------------------------------------------------------------- ---------------------------------
Exploit Title | Path
------------------------------------------------------------- ---------------------------------
Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution | aspx/webapps/46153.py
Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated) | aspx/webapps/49488.py
------------------------------------------------------------- ---------------------------------
shellcodes: No Results
papers: No Results
Umbraco 7.12.4 is vulnerable to RCE