Since I couldn’t get any more of the SunCSR boxes to run and there’s nothing new on THM, I took a shot at DriftingBlues7 on VulnHub. It says it is easy and they weren’t kidding; it took me 10 minutes.
PORT STATE SERVICE
22/tcp open ssh
66/tcp open sqlnet
80/tcp open http
111/tcp open rpcbind
443/tcp open https
2403/tcp open taskmaster2000
3306/tcp open mysql
8086/tcp open d-s-n
When I run the detailed scan, port 66 is actually a Python web server, so I go poke around there; nothing interesting. I check 80/443 and look at the certificate; not interesting. The front page is something called EyesOfNetwork. Checking searchsploit:
Juicy, but we need a version. I try a dirsearch and get (amongst other things) README.md, which says:
Eyes Of Network web interface 5.3
Okay, so that answers that. I grab the ‘RCE’ exploit shown above; it says txt but it’s actually a python3 script.