This one was quite a mess. You see so many opportunities that your head spinning in every directions. After some time, i decided for myself to use the CoreFTP HTTP server directory traversal vulnerability. Then I started trying to upload wwwolf-php-webshell with curl (overkill):
I got the flag with some help from a friend. There are at least two ways to get the flag. One way, the way that I had help with from a friend, does not require a webshell or a php-reverse-shell.
Message me if you need help.
The post that @subrealz made is pretty much on the right track, but I could not figure it out from that post. Honestly, I probably would have never figured out the solution without some help.
Sent you a PM… I can most likely do the webshell, but looking for another method that is more in line with the modules in this course… a service. Thanks for any help. Stuck on this one.
Hi!
I’m stuck on how to obtain the first credentials.
I have done the following:
Enumerate FTP with anonymous, doesn’t accept.
Enumerate SMTP users with mode RCPT, and find one f****.
Tried to brute force this user on SMTP and FTP using hydra and a bunch of different password lists, including the pws.list from module resources, including rockyou.txt over all time of target server is alive.
The MySQL doesn’t also accept undefined user or anonymous concept for login.
I’ve not explore the port 80 for the HTML content, because it gets out of the scope of this module, even more for an easy lab.
I’ve been days on this, can someone help me? Thank you.
Can someone give me some advice, I have entered mysql with the credentials f*** and the pass 9***, but within it I understand that I must upload a file, or how can I do it, I need some advice I am stuck.
Hi. I am found the credentials and was able to insert a PHP shell using MySQL: SELECT "<?php echo shell_exec($_GET['c']);?>" INTO OUTFILE 'C:\xampp\htdocs\webshell.php';
I am trying to access the file in the browser using the parameter https://10.129.196.82/webshell.php?c=dir, but nothing happens. Could someone help me?