Run a nmap scan to find for open ports.

Run a gobuster enumeration to find hidden directories.

gobuster dir -u -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x txt,php,html

Found a form login page.

Use SQLmap to find for databases and more clues.

sqlmap -u ‘’ –forms –dbs

Found a database called wordpress8080

Found the user and password.

Do another gobuster scan on port 8080 and a login page is found.

Login to the site with the credentials found by SQLmap.

Edit the theme page and insert a PHP revers shell.

Start a net cat listener and you will gain a shell.

switch the user with the credentials found and root access is gained.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Comments (



%d bloggers like this: