wordpress website. with msfconsole upload nc.ex to wordpress uploads. start nc.exe and connect back to attacker’s nc listener.
Vaccine
SQL injection vulnerabilities
Oopsie
Session hijack with burpsuite to get reverse shell uploaded. setuid used to run cat=/bin/sh in /tmp
Archetype
The ports smb, mssql are open. impacket tools are used.
Pathfinder
Windows box. Open port 88 is typically associated with Kerberos and port 389 with LDAP, which indicates that this is a Domain Controller. We note that WinRM is enabled on port 5985. Python bloodhound injester used.