pWnOS 2.0
scanning/vuln
busting dir
/blog
found some other useful stuff
busting dir
/blog
really helpful
Discovering Blog
port scanning
nmap
ssh/http
optional ssh
check out http serv
we found blog is a simple php blog 0.4.0
manual scanning; us -mT -Iv $ip:a -r 3000 -R 3 && us -mU -Iv $ip:a -r 3000 -R 3
vulnerability
Vuln Searching
2 ways
SQL injection
login page in base blog
php blog 0.4.0 is vuln
1191.pl
Tip: storing ip in var
we will use php blog 0.4.0 exploit
Target Discovery
arp scan
icmp scan
syn scan
copy exploit or download and run it to see..
Gaining Access
uploading shell
set up listener
Login to sub blog
success
accessing shell file
got shell
pty shell
Exploitation
Delete login credentials
create new credentials
put new credentials there
1191.pl
boot2root finale
Getting Root Access
optional
mysql -u root
-proot@ISIntS
optional way/ PANIC WAY/other way
use ch16
show tables
show databases;
select * from users
we got another db conn file in /var
real love in pWnOS v2
we found database connection file /var/www/
loved it
su with above found credentials
success ROOT
local enumeration