机器介绍123456789Unrested is a medium difficulty `Linux` machine hosting a version of `Zabbix`. Enumerating the version of `Zabbix` shows that it is vulnerable to both [CVE-2024-36467](https://nvd.nist.gov/vuln/detail/CVE-2024-36467) (missing accesscontrols on the `user.update` function within the `CUser` class) and [CVE-2024-42327](https://nvd.nist.gov/vuln/detail/CVE-2024-42327) (SQL injection in `user.get` function in `CUser` class) which is leveraged to gain user access on the target. Post-ex...

12345678910111213141516171819202122232425262728293031323334353637383940414243444546└─$ sudo nmap -sS 10.10.11.231 -p- --min-rate=2000[sudo] password for fonllge:Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-10 01:52 ESTNmap scan report for 10.10.11.231Host is up (0.14s latency).Not shown: 65509 closed tcp ports (reset)PORT STATE SERVICE53/tcp open domain88/tcp open kerberos-sec135/tcp open msrpc139/tcp open netbios-ssn389/tcp open ldap445/tcp open microsoft-ds...

nmap123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106└─$ sudo nmap -sS 10.10.10.235 -p80,8443,10250,10251,31337 --min-rate=2000Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-04 03:02 ESTNmap scan report for unobtainium.htb (10.10.10.235)Host is up (0.28s latency).PORT STATE SERVICE80/tcp open http8443/tcp open https-...

nmap12345678910111213Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-26 00:37 ESTWarning: 10.10.11.134 giving up on port because retransmission cap hit (10).Stats: 0:00:38 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth ScanSYN Stealth Scan Timing: About 48.37% done; ETC: 00:38 (0:00:39 remaining)Stats: 0:00:58 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth ScanSYN Stealth Scan Timing: About 71.68% done; ETC: 00:39 (0:00:23 remaining)Nmap scan report for 10.10.1...

nmap1234567891011121314151617181920212223242526272829└─$ sudo nmap -sS 10.10.11.113 -p- --min-rate=2000Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-26 23:54 ESTStats: 0:00:00 elapsed; 0 hosts completed (0 up), 1 undergoing Ping ScanPing Scan Timing: About 50.00% done; ETC: 23:54 (0:00:00 remaining)Nmap scan report for 10.10.11.113Host is up (0.35s latency).Not shown: 65528 closed tcp ports (reset)PORT STATE SERVICE22/tcp open ssh80/tcp open http4566/tcp open kw...

nmap12345678910111213141516171819202122232425262728└─$ sudo nmap -sS 10.10.10.172 -p- --min-rate=2000 [sudo] password for fonllge: Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-24 21:44 ESTNmap scan report for 10.10.10.172Host is up (0.25s latency).Not shown: 65526 filtered tcp ports (no-response)PORT STATE SERVICE53/tcp open domain88/tcp open kerberos-sec135/tcp open msrpc139/tcp open netbios-ssn389/tcp open ldap445/tcp open microsoft-ds5985/tcp ope...