Persecure : my learning archive

,

Pentester Lab: From SQL injection to Shell

https://www.vulnhub.com/entry/pentester-lab-from-sql-injection-to-shell,80/

Run an nmap scan to find open ports.

Test the id parameter for SQL databases.

Run SQLMAP – sqlmap -u ‘http://192.168.18.30/cat.php?id=1’ –dump

Found a user and hash password.

Crack the MD5 password with any online decoder tool.

Login to the admin account. Add a web shell via uploading a picture.

File cant except a php file , rename the file with an extension of .php3 instead.

Start a netcat listener.

Access is gained.

List of users found in the machine.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

Comments (

0

)

%d bloggers like this: