Please enable JavaScript.
Coggle requires JavaScript to display documents.
FristiLeaks (Enumeration (Web-Server/ Application Scanning, TCP or…
FristiLeaks
Enumeration
Web-Server/ Application Scanning
TCP or Services scanning
Setting-up VM
IP-Discovery of Target
Directory scanner
More Information Gathering + VA
investigating index.html
uploading PHP shell
investigating other root Dir files
lets try /fristi and we got login page
inspecting login page and we got username and pass
local enumeration
Navigating files and directories
checking out for clues if any
checking services avaialable
checking /usr/bin
check current rights and commands available to run
navigate other users and there files
getting pty shell
changing permissions of home/admin
using /home/admin/chmode
Gaining Access
navigating admin dir
reverse eng python scripts in /home/admin
decoding pass
try SU with other user "fristi god"
search all files owned by fristigod user
navigate and inspect all those file owned by fristi god
search for any clues in those files
we found executable that we can use to escalate priv
using ./dCon to esclate priv