Based on the Mr. Robot show
This walkthrough is written as a part of Master certificate in cybersecurity (Red Team) that I am pursuing from HackeU.
Starting with a nmap scan
nmap -sS -sV -A <IP>
22 : SSH
80 : http
443 : https
Checking the website on port 80
- Found a dictionary
- first key
Using dirbuster to scan the IP address
Checking admin page
Now intercepting the login request in burpsuite and using the dic file we found to brute force it
Capture request in burp suite and forward request to intruder tab.
Select sniper attack type, Select the username and password as parameter
Load fsocity-1.dic dictionary as data input for username, start the attack.
Found user name, now find password with same dictionary file
Login with found username and password to wp-login page as the site is based on wordpress
Search for page where php-reverse shell can be uploaded to get reverse shell.
Found 404.php > updated php-reverse-shell here
Start listener nc on kali machine, and browse the updated template page in browser.
nc -nlvp 4444
Try to spawn shell:
python -c ‘import pty; pty.spawn(“/bin/sh”)’ python -c ‘import pty; pty.spawn(“/bin/sh”)’
Found 2nd flag!
Escalate privileges and search for 3rd flag!
Search for users privilege permission:
find / -perm /4000 -type f 2>/tmp/2
Got root access
nmap — — interactive
Found 3rd flag