Vulnhub pWnOSv2.0 Walkthrogh

we start by changing the IP of our machine to the 10.10.10.IP subnet , instructed by the owner of the lap , then we can scan the host for open ports : nmap –T4 –A –p- 10.10.10.100 –vv

Running dirb and nikto gave us all the information about the hosted pages on this host, one of the pages is to sign up by using email and password to login:

And didn’t redirect me in, another login page in the blog:

Going through links from dirb found a txt file with the name password.txt

It’s a MD5 password : 1eaf4881358d93b034a642f7a200d4f9

Going deeper in the dirb links I found another txt file

Actually SPHPBlog is an exploit we can use it using Metasploit :

Now we have a user name MDSiqZ and a password ohobwv , we can login using them

Uploaded a shell using msfvenom and made a connect to the shell

On var/www/ folder there is a file mysqli_connect.php :

Inside the file there is a root password , su root and then the password gave us the root privilege

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s