🐧DriftingBlues6

192.168.60.219

Enumeration

Nmap scan

nmap -sV -p- 192.168.60.219 -A 

Port 80

Dirbuster scan

Robots.txt

Spammer.zip is password protected. Extracting hashes.

Bruteforcing with John

Found password for spammer.zip file: myspace4

Contents of creds.txt

Logged in with the found credentials at http://192.168.60.219/textpattern/textpattern

Edited my reverse shell pointing toward my IP. Uploaded. Opened my file from http://192.168.60.219/textpattern/files/

Shell

LinPEAS found that this machine is vulnerable to Dirty COW: https://github.com/firefart/dirtycow

Grabbed exploit and transferred to victim machine. Compiled exploit.

It did give an error but compiled anyways.

Ran exploit ./cowroot

Root
