Today we’re going to start a series of Vulnhub machines called Pinky’s-Palace V0.
Firstly, we’re going to start with a
nmap scan of the target.
http ports are open, we can start by viewing the content of the webpage hosted on that server.
Nothing useful there, so we can jump into the next step, which is running some scanners. My usual way to go is
Great, this tool already revealed some interesting directories. Unfortunately, all are empty so let’s move on to
There it is, another directory called
A little bit of fiddling, and very simple SQL Injection in
user field allowed us to log into the portal.
I immediately suspected an ability to inject commands into the
Now let’s use python to make a reverse shell and get us easier access to commands.
Before submitting the command, we have to set up an listener and then we are all ready.
Looking around the files in
/var/www/html directory, I’ve noticed a file with credentials to
Let’s connect to the server and grab the credentials from the
Great, together with Crackstation we are able to get the plain passowrd for the
su into the user.
During usual exploration, I’ve noticed a strange script
I decided to try my luck and put there reverse shell, as it may be run at specified time intervals.
After few moments, we got connection from the target.