![]() ![]() ![]() Now visiting the other part of the http webpage 8080, which is a single page running tomcat server. Root :x : 0 : 0 \:root\:/ root :/ bin / bash daemon :x : 1 : 1 \:daemon\:/ usr / sbin :/ usr / sbin / nologin bin :x : 2 : 2 \:bin\:/ bin :/ usr / sbin / nologin sys :x : 3 : 3 \:sys\:/ dev :/ usr / sbin / nologin sync :x : 4 : 65534 \:sync\:/ bin :/ bin / sync games :x : 5 : 60 \:games\:/ usr / games :/ usr / sbin / nologin man :x : 6 : 12 \:man\:/ var / cache / man :/ usr / sbin / nologin lp :x : 7 : 7 \:lp\:/ var / spool / lpd :/ usr / sbin / nologin mail :x : 8 : 8 \:mail\:/ var / mail :/ usr / sbin / nologin news :x : 9 : 9 \:news\:/ var / spool / news :/ usr / sbin / nologin uucp :x : 10 : 10 \:uucp\:/ var / spool / uucp :/ usr / sbin / nologin proxy :x : 13 : 13 \:proxy\:/ bin :/ usr / sbin / nologin www - data :x : 33 : 33 :www - data :/ var / www :/ usr / sbin / nologin backup :x : 34 : 34 \:backup\:/ var / backups :/ usr / sbin / nologin list :x : 38 : 38 :Mailing List Manager :/ var / list :/ usr / sbin / nologin irc :x : 39 : 39 \:ircd\:/ var / run / ircd :/ usr / sbin / nologin gnats :x : 41 : 41 :Gnats Bug - Reporting System ( admin ) :/ var / lib / gnats :/ usr / sbin / nologin nobody :x : 65534 : 65534 \:nobody\:/ nonexistent :/ usr / sbin / nologin systemd - network :x : 100 : 102 :systemd Network Management, :/ run / systemd :/ usr / sbin / nologin systemd - resolve :x : 101 : 103 :systemd Resolver, :/ run / systemd :/ usr / sbin / nologin systemd - timesync :x : 102 : 104 :systemd Time Synchronization, :/ run / systemd :/ usr / sbin / nologin messagebus :x : 103 : 106 ::/ nonexistent :/ usr / sbin / nologin syslog :x : 104 : 110 ::/ home / syslog :/ usr / sbin / nologin _apt :x : 105 : 65534 ::/ nonexistent :/ usr / sbin / nologin tss :x : 106 : 111 :TPM software stack, :/ var / lib / tpm :/ bin / false uuidd :x : 107 : 112 ::/ run / uuidd :/ usr / sbin / nologin tcpdump :x : 108 : 113 ::/ nonexistent :/ usr / sbin / nologin landscape :x : 109 : 115 ::/ var / lib / landscape :/ usr / sbin / nologin pollinate :x : 110 : 1 ::/ var / cache / pollinate :/ bin / false sshd :x : 111 : 65534 ::/ run / sshd :/ usr / sbin / nologin systemd - coredump :x : 999 : 999 :systemd Core Dumper :/:/ usr / sbin / nologin lxd :x : 998 : 100 ::/ var / snap / lxd / common / lxd :/ bin / false tomcat :x : 997 : 997 ::/ opt / tomcat :/ bin / false mysql :x : 112 : 120 :MySQL Server, :/ nonexistent :/ bin / false ash :x : 1000 : 1000 \:clive\:/ home / ash :/ bin / bash So I was able to get the /etc/passwd by doing so. ![]() ![]() So I desided to add megahosting.htb to /etc/hosts in my kali.Īfter all the things are done, then I came to see that a URL ` looks like LFI` is going to work out.Ī file inclusion vulnerability is a type of web vulnerability that is most commonly found to affect web applications that rely on a scripting run time. On visiting the port 80 there is a website Megahosting.HTB with some content on it. Nmap done: 1 IP address (1 host up ) scanned in 31.88 seconds Read data files from: /usr/bin/./share/nmap Service Info: OS: Linux CPE: cpe:/o\:linux\:linux_kernel TCP Sequence Prediction: Difficulty =261 (Good luck! ) No exact OS matches for host (If you know what OS is running on it, see ). |_http-open-proxy: Proxy might be redirecting requests |_ Supported Methods: OPTIONS GET HEAD POST |_http-server-header: Apache/2.4.41 (Ubuntu ) |_ Supported Methods: GET HEAD POST OPTIONS Discovered open port 80/tcp on 10.10.10.194ĭiscovered open port 8080/tcp on 10.10.10.194ĭiscovered open port 22/tcp on 10.10.10.194Ĭompleted SYN Stealth Scan at 07:52, 2.07s elapsed (1000 total ports )Ģ2/tcp open ssh OpenSSH 8.2p1 Ubuntu 4 (Ubuntu Linux protocol 2.0 )Ĩ0/tcp open http Apache httpd 2.4.41 ((Ubuntu )) ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |