Monty's Learning Notes | Obsidian

    Unified

    To Do:
    Check UniFi Version 5.4.54 Vulnerability
    Interact with Nagios NSCA through port 8443 - login page
    Interact with database port 6789
    Identify service running on 8843
    Identify service running on 8880

    RECON

    Port 8443/tcp - Nagios NSCA (SSL) - popular monitoring system

    Service: Nagios NSCA over SSL

    Port 8080 redirects to 8443

    UniFi Network Version 6.4.54

    Login page: https://10.129.26.178:8443/manage/account/login?redirect=%2Fmanage

    Forgot Password page: https://10.129.26.178:8443/manage/account/forgotpassword?redirect=%2Fmanage%2Faccount%2Fforgotpassword

    It uses JSON with a /status page, raw data: {"meta":{"rc":"ok","up":true,"server_version":"6.4.54","uuid":"8918a2b4-6f90-4f13-8233-e29085bd16d7"},"data":[]}

    user flag->6ced1a6a89e666c0620cdb10262ba127

    So I used metasploit to get a shell
    Then i followed steps of an article to get the root password. What the fuck.s