WordPress website. With msfconsole, upload nc.exe to WordPress uploads. Start nc.exe and connect back to the attacker's nc listener.
SQL injection vulnerabilities
Session hijack with Burp Suite to get a reverse shell uploaded. setuid used to run cat=/bin/sh in /tmp.
The SMB and MSSQL ports are open. Impacket tools are used.
Windows box. Open port 88 is typically associated with Kerberos and port 389 with LDAP, which indicates that this is a Domain Controller. We note that WinRM is enabled on port 5985. The Python BloodHound ingestor is used.