Scanning the host with namp –A –T4 –p- 192.168.1.9 –vv
Inside the page source code there is a php page where we can replace the “ip” with the host ip and have access to a new page, also we can find the same web page in the robots.txt file:
And then we have this page where we get a shell:
In home directory we found a text with password:
Ok let’s have a shell on our machine, we upload a php shell with wget command and we start a listening port 4444:
Checking out the Home directory got root … wow this is so easy:
Hacking Tips & Tricks - Labs Walkthrough - Infosec Articles 