Persecure : my learning archive

Pentester Lab: From SQL injection to Shell

https://www.vulnhub.com/entry/pentester-lab-from-sql-injection-to-shell,80/

Run an nmap scan to find open ports.

Test the id parameter for SQL databases.

Run SQLMAP – sqlmap -u ‘http://192.168.18.30/cat.php?id=1’ –dump

Found a user and hash password.

Crack the MD5 password with any online decoder tool.

Login to the admin account. Add a web shell via uploading a picture.

File cant except a php file , rename the file with an extension of .php3 instead.

Start a netcat listener.

Access is gained.

List of users found in the machine.

Create a website or blog at WordPress.com