From nmap, there are 3 ports opened.
This is the web page on port 8500.
If we click the folder
CFIDE/, we will be brought to this administrator login page.
coldfusion in msf, use the module
windows/http/coldfusion_fckeditor and run with burp suite. It seems that we successfully upload a .jsp reverse shell.
The file is indeed uploaded.
And we can get a reverse shell as
I use the module
post/multi/recon/local_exploit_suggester, and choose the one started with
ms10_092, and now, we are