pWnOs 2.0

I loved the 1.0 version so much that I decided to attempt 2.0 right next.

Step 1 – Find out pWnOS IP

Noticed that the machine is assigned a static IP 10.10.10.100, so reassigned an IP manually to my Kali box in the same network segment.

Step 2 – Enumerate the IP to find out open ports, service version, OS etc..

This provides the following attack surface:

  • Port 22 – OpenSSH 5.8p1 Debian 1ubuntu3
  • Port 80 – Apache httpd 2.2.17
  • OS – Linux web 2.6.38-8-server #42-Ubuntu x86_64

Step 3 – Enumerating web ports

The application appears to be injectable. Using Burp

Version noted

Logged in as user

Contents of /etc/passwd file

Obtaining database credentials

Attempting to upload a backdoor file which will allow command execution, thereby obtaining a reverse shell

Found another file with different mysql db credentials

Password is reused for root account!!!!

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *