sunset: twilight Walkthrough
reference | sunset: twilight |
target ip | 192.168.1.6 |
Scan with nmap
:

Enumerate with enum4linux -S 192.168.1.6
:

smbclient //192.168.1.6/WRKSHARE -N
:

Upload rs.php
to /var/www/html/gallery/original/rs.php
:

Reverse shell as user www-data:

Writable /etc/passwd
:

Add a malicious user foobar with password pass:
1 | openssl passwd -1 -salt foobar pass |

Login via SSH:

/root/root.txt
:

/home/miguel/user.txt
:

/home/miguel/ftp/22253251-65325.twilight
:

/var/mail/www-data
andcrontab -l
as user www-data:

/etc/shadow-
:


But the password is wrong.
/var/mail/miguel
:
