Codo
00 min
2025-3-8
Date
Mar 8, 2025 → Mar 8, 2025
Tag
Nmap
Web Exploitation
Credential Harvesting

Nmap


notion image
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-08 07:13 EST Nmap scan report for 192.168.104.23 Host is up (0.14s latency). Not shown: 998 filtered tcp ports (no-response) PORT STATE SERVICE 22/tcp open ssh 80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 93.15 seconds

80


notion image
Username should be admin since the content of this post.
Username : admin

dirb

notion image
try admin:admin, we logon
notion image
notion image
try use searchsploit and find out these have several POC, we can try 50978
notion image
notion image
so we can use command python3
notion image
use /usr/share/webshells/php/php-reverse-shell.php upload it
and acccess the path
notion image
got it
notion image
得知codo的数据库配置在config.php里
notion image
获得数据库密码
config = array ( 'driver' => 'mysql', 'host' => 'localhost', 'database' => 'codoforumdb', 'username' => 'codo', 'password' => 'FatPanda123', 'prefix' => '', 'charset' => 'utf8', 'collation' => 'utf8_unicode_ci'
使用这个password我们进去了root的终端拿到了flag
notion image
 
上一篇
HB
下一篇
AZ-900