WDavid404 / PG-Box

PG box walkthrough note

Extplorer (Intermediate) #35

Open WDavid404 opened 1 month ago

WDavid404 commented 1 month ago

Keypoints:

WDavid404 commented 1 month ago
PORT   STATE SERVICE REASON         VERSION
22/tcp open  ssh     syn-ack ttl 61 OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
80/tcp open  http    syn-ack ttl 61 Apache httpd 2.4.41 ((Ubuntu))

Recon

80/tcp --> wordpress

wpscan $IP --> didn't find anything interesting

FFUF --> /filemanager. admin:admin login succeeds. We can upload a reverse shell PHP file and access http://192.168.214.16/php-reverse-shell.php --> get a reverse shell.

We can see the /home dir has a user called Dora and find Dora's password hash info.

crack it: john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt --> doraemon

su to dora

linpeas --> https://book.hacktricks.xyz/linux-hardening/privilege-escalation/interesting-groups-linux-pe

Didn't find private key info under /root/.ssh.

See /etc/shadow and /etc/passwd, crack shadow hash --> explorer

su root with password (explorer)
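An added example, not part of the original note: a defender-side audit that flags human accounts in groups of the kind the linked "interesting groups" page covers, including membership held only through the primary GID in /etc/passwd. The `RISKY_GROUPS` list, the function names, and the sample passwd/group data are assumptions constructed for illustration, not values from this box.

```python
# Assumed, non-exhaustive list of groups that are effectively root-equivalent.
RISKY_GROUPS = {
    "disk": "raw block-device access bypasses file permissions",
    "shadow": "can read /etc/shadow password hashes",
    "docker": "can mount the host filesystem from a container",
    "lxd": "can mount the host filesystem from a container",
    "sudo": "may run commands as root via sudo",
}

def _records(text, min_fields):
    """Yield colon-split fields of each non-empty, non-comment line."""
    for line in map(str.strip, text.splitlines()):
        fields = line.split(":")
        if line and not line.startswith("#") and len(fields) >= min_fields:
            yield fields

def audit_privileged_groups(passwd_text, group_text, min_uid=1000):
    """Return sorted (user, group, reason) for human accounts in risky groups."""
    humans = {}  # user -> primary gid
    for f in _records(passwd_text, 7):
        uid = int(f[2])
        if uid >= min_uid and uid != 65534:  # skip system accounts and nobody
            humans[f[0]] = f[3]
    findings = set()
    for f in _records(group_text, 4):
        name, gid, members = f[0], f[2], f[3]
        if name not in RISKY_GROUPS:
            continue
        listed = {m for m in members.split(",") if m}
        for user, primary_gid in humans.items():
            # Membership is supplementary (/etc/group) or primary (/etc/passwd gid).
            if user in listed or primary_gid == gid:
                findings.add((user, name, RISKY_GROUPS[name]))
    return sorted(findings)

# Constructed sample data, not taken from the target in this note.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:42::/home/bob:/bin/bash
"""
SAMPLE_GROUP = """\
disk:x:6:alice
shadow:x:42:
sudo:x:27:
"""

if __name__ == "__main__":
    for user, group, reason in audit_privileged_groups(SAMPLE_PASSWD, SAMPLE_GROUP):
        print(f"{user} is in {group}: {reason}")
```

On a live host, pass the contents of /etc/passwd and /etc/group instead of the sample strings.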