Pwned

Stapler (Walkthrough) This Box Is From Vulhub You Can Download It From  Link . i pwned this box by doing wordpress enumeration and an old exploit of ubuntu 16.04 which help me to get root permission. Breaching Process  Finding IP Nmap Enumeration Browsing HTTP and HTTPS service Deep nmap scan for all ports found (12380) running in https Enumerating directory using nikto  Found robots.txt and other useful direcotry Exploitation Injecting php code in plugin  Got reverse shell in meterpreter Privilege Escalation Further enumeration found old Ubuntu (16.04) Got root permission (compiling bunch of exoloit) Let's Breach   Using nmap scan i found the box ip address.The ip address was 192.168.1.7 I browse the ip to see there was port 80 open and let the nmap scan   There was not any interesting thing in 80 port.After seeing the and found nothing i go for nmap scan. There was bunch ...

DC-8 (Pretty interesting Box) This box is fun though as i suppose this was built to cover proof of concept(2FA).Which, is good for OSCP (told by some wise person) so, i decided to do this machine.You can download this from  DC-8 Breaching Process  Finding IP Nmap  Enumeration Browsing HTTP service Enumerating directory Got drupal (further enumerating version from change.log -> but dead end ) Exploitation sql injection got credentials (hash password) cracking password using john gaining reverse shell from contact form (executing php code in server sending mail) Privilege Escalation exploiting exim to get root permission (using proof of concept from exploit db) Let's breach; First of scanning network using namp.Found ip to be 192.168.234.135 while scanning again from nmap i surf in the browser and found out to be a drupal. so, the scan was completed and the result from nmap  There was not s...