- #Wing ftp server failed to find server directory how to#
- #Wing ftp server failed to find server directory code#
The SQL query creates a file called backdoor.php which contains the php code for a standard web shell. If you scroll down into the article there’s a malicious SQL query that can be executed to create a web shell vulnerability on the web server. Check out the second link from Hacking Articles. Start with a google search for something like phpMyAdmin reverse shell.
#Wing ftp server failed to find server directory how to#
We have phpMyAdmin access but what can we do with it? If you aren’t familiar with phpMyAdmin, what is is, or how to exploit it. list_tokens -uįrom here its a simple matter of capturing the flags. Use the Impersonate_token command followed by “NT AUTHORITY\SYSTEM” and you’ll elevate your Meterpreter shell to SYSTEM. That’s what we need, so let’s use it and complete the box. We see below that we have available tokens for NT AUTHORITY\SYSTEM. First we will use the List_tokens command to view available tokens for our current user. Help command will list out available commands to be used. Type “ Load Incognito” from your Meterpreter prompt to load the module. However we can make use of a built in feature of the Meterpreter payload a module called Incognito. We could look into various Potato attacks, which hinge on this user privilege. This allows us to, you guessed it, impersonate a user after authentication. The Lian user has SeImpersonatePrivilege enabled. I’ll begin the process by running a simple command to check what privileges our current user has. With access to the target as the low privileged user Lian we can start to enumerate the system and find our path to privilege escalation. Meterpreter session established from 172.31.1.20 We are logged in as Admin to the Wing FTP administration console. In this case I tried a few different username/password combinations. It won’t always be an easy win but sometimes you get lucky. I recommend doing this anytime you find a login page. Let’s try a couple of weak and or default password combinations. We find an administrative login page for Wing FTP. Let’s browse to this page and investigate. The one port that stands to me is port 8080.
While we have multiple ports open most of the services being hosted on those ports require authentication and therefore credentials before we can connect to and utilize them. In the output we see multiple open ports, let’s drill into these and figure determine what to focus on first.
0 kommentar(er)
