Machine - Explore
- NMAP
2222/tcp open EtherNetIP-1 syn-ack ttl 63
42135/tcp open unknown syn-ack ttl 63
44687/tcp open unknown syn-ack ttl 63
59777/tcp open unknown syn-ack ttl 63
- NMAP port specific
- the port 42135 is a port for the ES Explorer, that I found a vuln in search
searchsplout - I am able to list all files
- all the apps
net.xnano.android.sshserver 0.9.1
- all photos
- there is photo called creds
- kristi -
Kr1sT!5h@Rp3xPl0r3!
- Gain access to the ssh
ssh -oHostKeyAlgorithms=+ssh-rsa -p 2222 kristi@10.10.10.247 - do port forwarding of the 5555 to our localhost
- connect with adb
- execute su