I’m sorry for asking on such a simple machine, but I just wanted to know if I should continue trying to find shell shock exploits (I assumed because of the title) or approach the box differently? Any vague answer to direct me in the right direction is appreciated.
Continue. Harder
@filippos Alright, thanks.
Np, I suggest to see @ippsec 's videos
Shocker was awesome, I too thought I’d enumerated everything I could think of, but then a simple switch of my scanning app and I found what the other 5 or so apps couldn’t.
@andrewh Yeah, dirbuster has found nothing of use for me, I tried all of its default word lists
dirbuster has some features that were quite handy for finding what i was looking for
wfuzz worked for me.
@SN3T Did it not even find any Dir’s? Try the medium or big list. Also try searching for some extensions.
i’m just lost, i’ve limited shell but cant figure how to escale it, any hints? please
enumerate in the shell
@andrewh Nope, I’ve tried medium list, not even a single dir, other than the ones that are forbidden
I tried a multi hours scan with dirb: with extensions-common.txt and big.txt. No success except a few 403 pages. Is it really that special to find the first entrance?
@daeladus I’m in the same step as you… FInd the entry point it’s a fucking pain in the ■■■!!
@daeladus paste your command… you should have found it
Here it is: dirb http://10.10.10.56 /usr/share/wordlists/dirb/big.txt -x /usr/share/wordlists/dirb/extensions_common.txt
Somehow embarrassing to ask for help for such a simple machine. Didn’t have such problems with other machines.
This will eventually find what you need. But it’s not very smart. Try to think what you are looking for. Maybe you have to search in a specific folder for specific files inside that folder.
From the box name, you have some idea of what may be relative to this box. Think about directories that may be exploitable for this box and start there. And think about file types that usually work in that directory. And think ‘old skool’. There were web applications before php and asp!
@alamot said:
This will eventually find what you need. But it’s not very smart. Try to think what you are looking for. Maybe you have to search in a specific folder for specific files inside that folder.
Yep, I’m totally aware of this non-smart scan. It was my last chance after some probable smarter scans. An no, it did not find anything specific (besides some 403 dirs). I’ll try to be smart again…
Never mind…did not think of THIS extension. Furthermore: a non-smart scan probably is not reliable. The extension was included in my non-smart scan for whatever reason, it didn’t find what I found a few seconds ago. It’s magic (or reset).