search

πŸͺŸShenzi

hashtag
IP: 192.168.73.55

hashtag
Enumeration

Nmap scan

nmap 192.168.73.55 -sV -p- -A

hashtag
Service Enumeration

hashtag
TCP/135/445

SMB allows anonymous connection.

Passwords.txt

why.tmp

hashtag
TCP/80/443

PHPInfo has a lot of information. https://shenzi.com/dashboard/phpinfo.phparrow-up-right

Found wordpress site at /shenzi Uploaded reverse shell code into Hello Dolly. hello.php Ran the reverse shell by navigating to http://192.168.73.55/shenzi/wp-content/plugins/hello.phparrow-up-right

hashtag
Shell

Systeminfo

Found that AlwaysInstallElevated is enabled.

Created reverse shell msi. Chose port 21 because I know its already open.

Curled the installer to shenzi's desktop and ran exp3.msi

hashtag
Root

PreviousInternalNextJacko

Last updated