Scanning the host with namp –A –T4 –p- 192.168.1.9 –vv

Inside the page source code there is a php page where we can replace the “ip” with the host ip and have access to a new page, also we can find the same web page in the robots.txt file:

And then we have this page where we get a shell:

In home directory we found a text with password:

Ok let’s have a shell on our machine, we upload a php shell with wget command and we start a listening port 4444:


Checking out the Home directory got root … wow this is so easy:
