Hi senpai, tried common ports like 20, 21, 22, 23, 25, 80, 110, 143, 443
but I just couldn't get a reverse shell. Any hint please?
On the foothold: all you need is a simple enum. Take a look at versions.
Hello, yeah, I have gotten the web application and the version. Google gave me a couple of CVEs that seem to be editable a little for a reverse shell on the vulnerable site, but for some reason I just couldn't get my shell =(
Hey, I’m new to ethical hacking and pentesting and literally can’t find anything to get user. Could someone help me / give me a hint? It would be very appreciated, thanks in advance.
(Quote)
Hello, yeah, I have gotten the web application and the version. Google gave me a couple of CVEs that seem to be editable a little for a reverse shell on the vulnerable site, but for some reason I just couldn't get my shell =(
Try Metasploit?
Heh, never mind. I got it. Finally one source from GitHub works.
@moose said:
Having trouble connecting to the d***base. Have creds to view but not able to view the output in my shell. Any ideas?
You can actually use your present shell also, just know the tables and boom, you will get everything.
Tried using the correct m**** syntax but it’s not showing any output in my shell. I’m using the mf***** shell if that matters.
I had the same problem. Don’t know why, maybe it’s a spoiler, but SQL commands are working, they just aren’t shown. Try to exit (exit; ?) after you put in your commands; with the error you will see your commands and the response.
Foothold: enumeration and CVE
User: more enumeration (pay attention to what's running on the machine)
Root: pretty straightforward (as @AbuQasem already said, a vulnerability that existed in prior versions can help you a lot…)
Hello, I have a connection with the machine, but it does not let me leave the container folder of the web, and when performing a reverse shell it does not create the meterpreter session.
command after having installed s*** and s***c***** on a normal Kali machine. This creates a s*** from a directory. When installing a s***, it mounts it somewhere onto the file system, so I included set*** binaries in the s***. I don’t think this is the intended route, though.
I feel like there is a lot of help on this so far. The only thing that I would suggest is to not overthink it (I know I did).
Foothold: Easy to find from Google
User: Basic enumeration. If you have worked with web applications in the past with login screens, you should know what you’re looking for. If you haven’t, do some searches about setting up things like WordPress or DVWA. You’ll see some information that will be useful in different files.
Root: This was the headache for me. I overthought this a lot and wasted some serious time. There are some great posts about doing this exploit, but you may need to change a few things up. It’s not about what you’re installing, but what you do while you’re installing.