192.168.234.111
Nmap Scan
nmap 192.168.234.111 -sV -A -Pn
Banner grab
From the Nmap scan you can already see that robots.txt contains gym.
Dirbuster finds a lot of directories at this IP.
Found a login page for /store/admin.php, takes admin:admin credentials.
Found /store/database/www_project.sql. Cracking this hash just tells you the password is admin, which is already known.
Payload works for /admin login. https://www.exploit-db.com/exploits/48940
Found that I could upload an image for the book. Uploaded php reverse shell.
Ran reverse shell through http://192.168.234.111/store/bootstrap/img/rev3.php
Found file /home/tony/password.txt
Connected via SSH.
Sudo -l
Using https://gtfobins.github.io/gtfobins/pkexec/
jyot' or 1=1#
sudo pkexec /bin/sh
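Detection side of the upload step above, as an added example that is not part of the original notes: a script request served from an image directory, like /store/bootstrap/img/rev3.php, stands out in a web access log. The log lines, client addresses and the STATIC_DIRS list are constructed assumptions; the log format is assumed to be Apache/Nginx "combined".

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: directories that should only ever serve static files.
STATIC_DIRS = {"img", "images", "uploads", "css", "fonts"}
# Extensions a PHP handler may execute, depending on server configuration.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# "combined" log format: client, ident, user, [timestamp], "request", status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample log lines (client addresses are documentation ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /store/bootstrap/img/book1.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /store/bootstrap/img/rev3.php HTTP/1.1" 200 0 "-" "curl/8.0"',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /store/admin.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2024:10:02:00 +0000] "GET /store/bootstrap/IMG/x.PHP5?c=1 HTTP/1.1" 404 0 "-" "curl/8.0"',
]


def script_hits_in_static_dirs(lines):
    """Return (client, method, path, status) for script requests under static dirs."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        client, method, target, status = m.groups()
        # Drop the query string and decode %-escapes before inspecting the path.
        path = unquote(urlsplit(target).path)
        segments = [s.lower() for s in path.split("/") if s]
        for i, seg in enumerate(segments):
            # A script-looking segment anywhere below a static directory also
            # covers PATH_INFO forms such as /img/x.php/y.jpg.
            if seg in STATIC_DIRS and any(
                SCRIPT_EXT.search(s) for s in segments[i + 1:]
            ):
                hits.append((client, method, path, int(status)))
                break
    return hits


if __name__ == "__main__":
    for hit in script_hits_in_static_dirs(SAMPLE_LOG):
        print(hit)
```

A 200 on such a path means the server handled the file as a script; disabling script handling for upload and image directories closes that off.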