Shocker

Hi,
I’m a beginner in pentesting. Currently I have successfully hacked Mirai. However, I’m not happy with the method I used to get user.txt. I’d really appreciate it if I could speak with someone in PM. I think that it’s legal because I already hacked Mirai.

Sorry for going off topic. In fact, this discussion is about Shocker. I understand what the vulnerability is. The tools that I used are:

  • nmap
  • gobuster, with dirbuster and dirb wordlists
  • nikto (I think that it’s unneeded)

Unfortunately I cannot get the entry point; currently I’m trying harder. Something is missing because I know what I have to find to hack the system, but actually I didn’t find it in any dirs… Maybe I need a better wordlist?

dirsearch (with its default wordlist) will show you the entry point (I guess the same also goes for other tools like dirbuster etc…), but you just have to use one more option in your scanning and search for extensions that are related to the name.

@game0ver said:
dirsearch (with its default wordlist) will show you the entry point (I guess the same also goes for other tools like dirbuster etc…), but you just have to use one more option in your scanning and search for extensions that are related to the name.

Taking into consideration the name of the machine… There is a specific folder where there should be some special files. I used dirbuster with dirb/big.txt + specific extension force, and didn’t find a thing :expressionless:


Update, it seems I was using the wrong extension. Now I used the right one and got the gold :slight_smile:

I found a certain .something available for download out of the ‘folder’ - but I still can’t execute *shock on it

What’s the automated way to fire exploits? Hint

I personally used wfuzz on this machine (to be honest, I usually run a combination of wfuzz/dirb/gobuster/dirsearch on every machine) … just have to narrow your search down to certain extensions.

Found it! :slight_smile:

I’ve found the ‘ext’ in the ‘folder’ through dirb… but the ‘code’ doesn’t give the desired effect once used. I think I’m missing something?

@Liz4rd said:
I’ve found the ‘ext’ in the ‘folder’ through dirb… but the ‘code’ doesn’t give the desired effect once used. I think I’m missing something?

Check the name of the machine and google what you found and what you can do with it.

ignore

had another crack at it and finally got root