Рет қаралды 26,496
01:15 - Doing nmap quickly by not running scripts to get open ports, then using that output to run scripts.
04:50 - Checking out the webserver, discovering robots.txt
07:55 - Running gobuster on the admin-dir with the extensions txt and php
11:15 - Finding credentials.txt within that admin-dir
13:15 - Logging into FTP to discover the web directory source
21:30 - Running gobuster again on utility-scripts to discover adminer.php
24:55 - Going to adminer and trying to login
27:10 - Bypassing adminer authentication by creating a MySQL Database
31:45 - Failing to drop a file in adminer
34:30 - Using LOAD DATA LOCAL to insert a file into our database
38:05 - Uploading the servers index.php to our database and discovering the password
39:00 - SSH into the server with the password found before
41:50 - Sudo allows us to set environment variables, using PYTHONPATH to hijack a python library... Failing to get a rev shell
49:00 - Switching to nc for a revshell and getting a root shell!