Not detecting password in PHP config file

peass-ng / PEASS-ng

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

https://book.hacktricks.xyz

Other

15.73k stars 3.05k forks source link

Not detecting password in PHP config file #74

Closed cJay-c closed 3 years ago

cJay-c commented 3 years ago

Tried this on TryHackMe DailyBugle box. Script did not detect password in /var/www/html/configuration.php file. Odd because all the old writeups mention about the script detecting this password.

carlospolop commented 3 years ago

Hi @cJay-c,

Thank you for report this bug. Can you confirm that you are using the latest version? Also, could you share the file or at least the line where the password appear inside the file so I can reproduce the conditions on my VM?

cJay-c commented 3 years ago

Yes. I am using the latest version available

var/www/html/configuration.php file contains the following password line among other parameters.

<?php> class JConfig { pubic $password = 'xxxxxxxxxxxxx'; }

carlospolop commented 3 years ago

Hey @cJay-c,

In the following images you can see that the last version of linpeas is correctly finding your file.

Could you recheck inside the vuln machine using the last version of linpeas?

carlospolop commented 3 years ago

Close due to inactivity (and because I think it's fixed)