Last updated
Last updated
Generated on Sun Jul 18 11:53:14 2021 with
nmap 7.91
.
File Extension: *
File with list of dirs/files: /usr/share/dirbuster/wordlists/directory-list-lowercase-2.3-medium.txt
This discovers a new IP in a new network: 172.16.50.222
File Extension: *
File with list of dirs/files: /usr/share/dirbuster/wordlists/directory-list-2.3-small.txt
This is the content, which discovers a new IP in a new network: 172.16.50.224
ftp splash screen suggests to login with 'ftpuser' while trying to connect.
Found credentials for ftp server through hydra: ftpuser/ftpuser
ftpuser has root rights (just use the same password):
Flag encountered!
We run nmap
from this new machine to discover opened ports on 172.16.50.224
Use netcat
to pivot an hydra
attack for the ssh
service on 172.16.50.222
:
Flag encountered for 172.16.50.222!
root/root
, just login from your attacker machine:
Target URL: 172.16.37.220
Found relevant information at view-source:****
Target URL: 172.16.37.234:40180
Dirbuster found the following url:
Now that we have access to the ftp, we can upload a PHP reverse shell, and invoke it by opening this URL in your browser: ****
80/tcp
open
http
Apache httpd 2.4.18
3307/tcp
open
tcpwrapped
40121/tcp
open
ftp
ProFTPD 1.3.0a
40180/tcp
open
http
Apache httpd 2.4.18
172.16.50.222
%
22/tcp
open
ssh
OpenSSH 7.2p2 Ubuntu 4ubuntu2.8
80/tcp
open
http
Apache httpd 2.4.18
3307/tcp
open
tcpwrapped