
Exploiting GhostCat (CVE-2020-1938)

This walkthrough corresponds to the tomghost machine on TryHackMe:- https://tryhackme.com/room/tomghost
Vulnerability (CVE-2020-1938):- Information about the vulnerability is available at:-
https://www.chaitin.cn/en/ghostcat
https://medium.com/@scottc130/understanding-the-ghost-cat-vulnerability-cve-2020-1938-79ceae327599
Ghostcat is described as “AJP Request Injection and potential Remote Code Execution”.

Enumeration:-
Nmap scan:-
nmap -sC -sV tomghost.thm
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 f3:c8:9f:0b:6a:c5:fe:95:54:0b:e9:e3:ba:93:db:7c (RSA)
| 256 dd:1a:09:f5:99:63:a3:43:0d:2d:90:d8:e3:e1:1f:b9 (ECDSA)
|_ 256 48:d1:30:1b:38:6c:c6:53:ea:30:81:80:5d:0c:f1:05 (ED25519)
53/tcp open tcpwrapped
8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
| ajp-methods:
|_ Supported methods: GET HEAD POST OPTIONS
8080/tcp open http Apache Tomcat 9.0.30
|_http-favicon: Apache Tomcat
|_http-title: Apache Tomcat/9.0.30
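
Reading the same scan from the defender's side, as an added example that is not code from the original post: the check below parses nmap service lines and flags a reachable AJP connector and a Tomcat version older than the first fixed releases for CVE-2020-1938 (7.0.100, 8.5.51, 9.0.31). The sample input is constructed from the service lines above, and the function names are hypothetical.

```python
import re

# Constructed sample: the service lines from the nmap scan above.
SAMPLE_SCAN = """\
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
53/tcp open tcpwrapped
8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
8080/tcp open http Apache Tomcat 9.0.30
"""

# First fixed release per branch for CVE-2020-1938; other branches are not assessed.
FIRST_FIXED = {7: (7, 0, 100), 8: (8, 5, 51), 9: (9, 0, 31)}

SERVICE_RE = re.compile(r"^(\d+)/tcp\s+open\s+(\S+)\s*(.*)$")
TOMCAT_RE = re.compile(r"Apache Tomcat[ /](\d+)\.(\d+)\.(\d+)")


def parse_services(scan_text):
    """Return [(port, service, banner)] for every open TCP port line."""
    services = []
    for line in scan_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append((int(m.group(1)), m.group(2), m.group(3).strip()))
    return services


def ghostcat_findings(scan_text):
    """Flag exposed AJP connectors and Tomcat versions older than the fix."""
    findings = []
    for port, service, banner in parse_services(scan_text):
        if service.startswith("ajp"):
            findings.append(f"{port}/tcp: AJP connector reachable from scanner")
        m = TOMCAT_RE.search(banner)
        if m:
            version = tuple(int(x) for x in m.groups())
            fixed = FIRST_FIXED.get(version[0])
            if fixed and version < fixed:
                findings.append(
                    f"{port}/tcp: Tomcat {'.'.join(map(str, version))} predates "
                    f"fixed release {'.'.join(map(str, fixed))}"
                )
    return findings


if __name__ == "__main__":
    for finding in ghostcat_findings(SAMPLE_SCAN):
        print(finding)
```

A finding on the AJP port alone still matters on a patched server: the connector is meant for a trusted reverse proxy, not for arbitrary network clients.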
Se…