Posts

(HTB) Tenten Walkthrough

Name: Tenten
IP: 10.10.10.10
OS: Linux
VM Author: ch4p
Writeup Author: Teck_K2

Nmap result

On the target system only ports 22 and 80 are open. Let's try to open it. It's a job portal site powered by WordPress. Let's try to find the version details. /readme.html shows me the version, which is 4.7.

Now that we know it's a WordPress site, we will use wpscan. It will start enumerating users. We got only 1 user. One of them is admin; we will focus on him only. Now that we know the username, we can try to brute-force the password. After several hours I got no result.

Let's enumerate plugins. We got 2 plugins installed. As we can see, one is akismet, which is up to date, and the second one is job-manager, which is also up to date, but one version of job manager, which is 0.7.25, seems outdated and insecure. Let's find an exploit for that. I found this link in the wpscan description: https://vagmour.eu/cve-2015-6668-cv-filename-disclosure-on-job-manager-wordpress-plugin/htt...

(HTB) Popcorn Walkthrough

Name: Popcorn
IP: 10.10.10.6
OS: Linux
VM Author: ch4p
Writeup Author: Teck_K2

Nmap result

Port 80 is open, so we will start enumerating port 80 with Nikto and dirb. Nikto couldn't find anything interesting, but with dirb we find a new directory called torrent. So we will go to that directory: 10.10.10.6/torrent

Here we can sign up and can upload only a .torrent file, in which we can't upload any shell. So we will create a new .torrent file and upload it; then we have access to upload a screenshot, which can be jpg, jpeg, png or gif.

So let's go to a new terminal and generate our web payload using msfvenom. After generating the file we will edit it, because it is generated in base64. So we will go and edit the file, adding <?php at the beginning of (base64 encoding) and ?> at the end. Now we will change its extension from php to .php;.png. We are doing this because the upload has an image file restriction, which only allows...