![]() ![]() I spawned bash shell with python, and I logged with dg user. I updated $ip var in php shell and I launched netcat listener. With big surprise I found all users’ passwords- yup!! At this point I connected with dg user and then I uploaded /usr/share/webshells/php/php-reverse-shell.php reverse shell. At the end I launched hydra for cracking the passwords of all users: Initially I used cewl, for extracting all words from the website and then I used tr and sed commands to create all possible combinations. I came back to the wikipedia page the one before, and I tried to catch hot words for the creation of wordlist. In /etc/group folder I saw that the user dg is a member of several groups, so let’s try to crack the passwords of these users. They are Dave Gahan, Martin Gore, Andy Fletcher, and Alan Wilder. These usernames are matched with the initials of the Depeche Mode’s members. I navigated on web browser to see interesting files and I found out four users named dg,mg,af and aw: Ok! Now this is interesting because we can use the mod_copy module to read and write files on system: I found out that the FTP server is exploitable: Now we can browse through exploit-db and find out if services are exploitable or we have to use searchsploit. The web server didn’t have anything else of interest. I found a link for the Violator album’s Wikipedia page by the Depeche Mode in webpage’s source code. I browsed into HTTP server and I saw this: The scanning result reveals that the Proftpd 1.3.5rc3 runs on port 21 and Apache httpd 2.4.7 runs on port 80. Then, as always, I used nmap to discover its open ports: We need to find the vm’s ip, so I used netdiscover: I have put a few trolls in, but only to sport with you.Vince Clarke can help you with the Fast Fashion.Starting with this, we can find a few notes on vulnhub’s page’s description from Knightmare. Today I’m ready to publish my first walkthrough against the vm hosted on vulnhub called Violator by knightmare. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |