80
Mapping
robots.txt:
.svn:
.DS_STORE
Directory Busting
Using wp-scan:
Now to privesc, checking GTFOBins:
It's a WordPress site with bad spelling.
Using this exploit: https://www.exploit-db.com/exploits/48979
Modifying the IP and port:
Running it, we get a shell:
Checking wp-config.php, we have credentials:
Logging in, we found the wp_users table:
We have a hash for admin.
We can switch to the commander user with the same password using su commander:
Running linpeas, we found the SUID binary dosbox:
And we are root.