pWnOS v2.0 walkthrough


Description:
The VM gets the IP 10.10.10.100 by default, so set the IP of the Kali machine to 10.10.10.101.
ifconfig eth0 down
ifconfig eth0 10.10.10.101 up

nmap -A 10.10.10.100
22/tcp open ssh OpenSSH 5.8p1 Debian 1ubuntu3 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.2.17 ((Ubuntu))

nikto --host 10.10.10.100
+ OSVDB-3268: /includes/: Directory indexing found.
+ OSVDB-3092: /info/: This might be interesting...
+ OSVDB-3092: /login/: This might be interesting...
+ OSVDB-3092: /register/: This might be interesting...

/login - SQLi
User: abc' OR 1=1 -- -
Use sqlmap:

This one works on ssh.
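
Why the User value in the /login step gets past the password check, and what stops it, as an added example (not code from the video or from the target VM). The table layout, the query shape and the sample account are assumptions, and Python with sqlite3 stands in for the site's PHP back end.

```python
import hashlib
import hmac
import sqlite3

SALT = b"constructed-salt"  # one salt for brevity; use a per-user salt in practice
PAYLOAD = "abc' OR 1=1 -- -"  # the User value from the walkthrough

def hash_pw(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()

def make_db():
    # Constructed table and account; the real schema is not shown on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("admin@example.test", hash_pw("s3cret-sample")))
    return db

def login_vulnerable(db, email, password):
    # The input is pasted into the SQL text: a quote in `email` closes the
    # string literal, OR 1=1 matches every row, and `-- -` comments out the
    # password condition that follows.
    sql = ("SELECT email FROM users WHERE email = '" + email +
           "' AND pw_hash = '" + hash_pw(password) + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_hardened(db, email, password):
    # The placeholder binds `email` as data, so it is never parsed as SQL.
    # The password is checked in application code with a constant-time compare.
    row = db.execute("SELECT email, pw_hash FROM users WHERE email = ?",
                     (email,)).fetchone()
    if row is None:
        return None
    return row[0] if hmac.compare_digest(hash_pw(password), row[1]) else None

if __name__ == "__main__":
    db = make_db()
    for fn in (login_vulnerable, login_hardened):
        print(fn.__name__, "payload ->", fn(db, PAYLOAD, "x"))
        print(fn.__name__, "valid   ->", fn(db, "admin@example.test", "s3cret-sample"))
```

With the concatenated query the payload returns the first account in the table without a valid password; with the bound parameter the same input is just an unknown e-mail address and the login fails.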
Comments

Great job, very explicative. But for beginners who don't know a lot about Linux or the command line interface, I think there is an easier way to solve it. If you use a program to see the directories in the page, there is one called "blog" which also has an SQL-injectable login. If you log in there, now you can upload "images", except it doesn't validate they are actually jpg or png or whatever, so you can upload the reverse shell (in PHP because that's the only app running in the site that can interpret one, download it from the internet and edit it so it includes YOUR computer's IP and the port you will be listening on with netcat or whichever app you prefer) there without using any commands. You then discover there is a directory at [ip]/blog/images/ where you can see the uploaded things, including your reverse shell, you just click it as you are listening with ncat and you will have the initial access, now you just have to scale privileges as done in the video.
Great and valuable content, keep it up!

raulzuniga