Difference between revisions of "CTF Quaoar: Walkthrough"

Revision as of 09:41, 24 January 2023

Ambil Quaoar dari Vulnhub

https://www.vulnhub.com/entry/hackfest2016-quaoar,180/#download
Install OVA di VirtalBox
Jalankan, ada clue di page depan Quaoar saat jalan.
Difficulty Level: Very Easy

Cek Mesin

Gunakan

netdiscover -r 192.168.0.0/24

Currently scanning: Finished!   |   Screen View: Unique Hosts                                                                                                                                                                   
                                                                                                                                                                                                                                 
 21 Captured ARP Req/Rep packets, from 20 hosts.   Total size: 1260                                                                                                                                                              
 _____________________________________________________________________________
   IP            At MAC Address     Count     Len  MAC Vendor / Hostname      
 -----------------------------------------------------------------------------
 .....
 192.168.0.122   08:00:27:b2:18:3a      1      60  PCS Systemtechnik GmbH                                                                                                                                                        
 .....

Scan Quaoar

nmap -v -A 192.168.0.122
    
Starting Nmap 7.92 ( https://nmap.org ) at 2023-01-23 21:23 EST
NSE: Loaded 155 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 21:23
Completed NSE at 21:23, 0.00s elapsed
Initiating NSE at 21:23
Completed NSE at 21:23, 0.00s elapsed
Initiating NSE at 21:23
Completed NSE at 21:23, 0.00s elapsed
Initiating ARP Ping Scan at 21:23
Scanning 192.168.0.122 [1 port]
Completed ARP Ping Scan at 21:23, 0.06s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 21:23
Completed Parallel DNS resolution of 1 host. at 21:23, 0.00s elapsed
Initiating SYN Stealth Scan at 21:23
Scanning 192.168.0.122 [1000 ports]
Discovered open port 995/tcp on 192.168.0.122
Discovered open port 53/tcp on 192.168.0.122
Discovered open port 22/tcp on 192.168.0.122
Discovered open port 110/tcp on 192.168.0.122
Discovered open port 80/tcp on 192.168.0.122
Discovered open port 143/tcp on 192.168.0.122
Discovered open port 993/tcp on 192.168.0.122
Completed SYN Stealth Scan at 21:23, 0.11s elapsed (1000 total ports)
Initiating Service scan at 21:23
Scanning 7 services on 192.168.0.122
Completed Service scan at 21:26, 175.53s elapsed (7 services on 1 host)
Initiating OS detection (try #1) against 192.168.0.122
NSE: Script scanning 192.168.0.122.
Initiating NSE at 21:26
Completed NSE at 21:26, 12.15s elapsed
Initiating NSE at 21:26
Completed NSE at 21:26, 1.11s elapsed
Initiating NSE at 21:26
Completed NSE at 21:26, 0.00s elapsed
Nmap scan report for 192.168.0.122
Host is up (0.00055s latency).
Not shown: 993 closed tcp ports (reset)
PORT    STATE SERVICE    VERSION
22/tcp  open  ssh        OpenSSH 5.9p1 Debian 5ubuntu1 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   1024 d0:0a:61:d5:d0:3a:38:c2:67:c3:c3:42:8f:ae:ab:e5 (DSA)
|   2048 bc:e0:3b:ef:97:99:9a:8b:9e:96:cf:02:cd:f1:5e:dc (RSA)
|_  256 8c:73:46:83:98:8f:0d:f7:f5:c8:e4:58:68:0f:80:75 (ECDSA)
53/tcp  open  domain     ISC BIND 9.8.1-P1
| dns-nsid: 
|_  bind.version: 9.8.1-P1
80/tcp  open  http       Apache httpd 2.2.22 ((Ubuntu))
| http-robots.txt: 1 disallowed entry 
|_Hackers
|_http-title: Site doesn't have a title (text/html).
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.2.22 (Ubuntu)
110/tcp open  pop3?
|_pop3-capabilities: RESP-CODES PIPELINING TOP SASL UIDL STLS CAPA
|_ssl-date: 2023-01-24T02:26:15+00:00; 0s from scanner time.
| ssl-cert: Subject: commonName=ubuntu/organizationName=Dovecot mail server
| Issuer: commonName=ubuntu/organizationName=Dovecot mail server
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2016-10-07T04:32:43
| Not valid after:  2026-10-07T04:32:43
| MD5:   e242 d8cb 6557 1624 38af 0867 05e9 2677
|_SHA-1: b5d0 537d 0850 11d0 e9c0 fb10 ca07 37c3 af10 9382
143/tcp open  imap       Dovecot imapd
| ssl-cert: Subject: commonName=ubuntu/organizationName=Dovecot mail server
| Issuer: commonName=ubuntu/organizationName=Dovecot mail server
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2016-10-07T04:32:43
| Not valid after:  2026-10-07T04:32:43
| MD5:   e242 d8cb 6557 1624 38af 0867 05e9 2677
|_SHA-1: b5d0 537d 0850 11d0 e9c0 fb10 ca07 37c3 af10 9382
|_ssl-date: 2023-01-24T02:26:15+00:00; -1s from scanner time.
993/tcp open  ssl/imap   Dovecot imapd
|_ssl-date: 2023-01-24T02:26:15+00:00; 0s from scanner time.
| ssl-cert: Subject: commonName=ubuntu/organizationName=Dovecot mail server
| Issuer: commonName=ubuntu/organizationName=Dovecot mail server
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2016-10-07T04:32:43
| Not valid after:  2026-10-07T04:32:43
| MD5:   e242 d8cb 6557 1624 38af 0867 05e9 2677
|_SHA-1: b5d0 537d 0850 11d0 e9c0 fb10 ca07 37c3 af10 9382
995/tcp open  ssl/pop3s?
|_ssl-date: 2023-01-24T02:26:15+00:00; 0s from scanner time.
| ssl-cert: Subject: commonName=ubuntu/organizationName=Dovecot mail server
| Issuer: commonName=ubuntu/organizationName=Dovecot mail server
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2016-10-07T04:32:43
| Not valid after:  2026-10-07T04:32:43
| MD5:   e242 d8cb 6557 1624 38af 0867 05e9 2677
|_SHA-1: b5d0 537d 0850 11d0 e9c0 fb10 ca07 37c3 af10 9382
MAC Address: 08:00:27:B2:18:3A (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 2.6.X|3.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3
OS details: Linux 2.6.32 - 3.5
Uptime guess: 0.003 days (since Mon Jan 23 21:22:37 2023)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel 

TRACEROUTE
HOP RTT     ADDRESS
1   0.55 ms 192.168.0.122

NSE: Script Post-scanning.
Initiating NSE at 21:26
Completed NSE at 21:26, 0.00s elapsed
Initiating NSE at 21:26
Completed NSE at 21:26, 0.00s elapsed
Initiating NSE at 21:26
Completed NSE at 21:26, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 191.52 seconds
           Raw packets sent: 1020 (45.626KB) | Rcvd: 1016 (41.366KB)

Tampaknya yang mungkin menarik untuk di exploit adalah port web 80.

Pakai dirb

Lakukan,

dirb http://192.168.0.122

Hasilnya

-----------------
DIRB v2.22    
By The Dark Raver
-----------------

START_TIME: Mon Jan 23 21:31:24 2023
URL_BASE: http://192.168.0.122/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

-----------------

GENERATED WORDS: 4612                                                           

---- Scanning URL: http://192.168.0.122/ ----
+ http://192.168.0.122/cgi-bin/ (CODE:403|SIZE:289)                                                                                                                                                                              
+ http://192.168.0.122/hacking (CODE:200|SIZE:616848)                                                                                                                                                                            
+ http://192.168.0.122/index (CODE:200|SIZE:100)                                                                                                                                                                                 
+ http://192.168.0.122/index.html (CODE:200|SIZE:100)                                                                                                                                                                            
+ http://192.168.0.122/LICENSE (CODE:200|SIZE:1672)                                                                                                                                                                              
+ http://192.168.0.122/robots (CODE:200|SIZE:271)                                                                                                                                                                                
+ http://192.168.0.122/robots.txt (CODE:200|SIZE:271)                                                                                                                                                                            
+ http://192.168.0.122/server-status (CODE:403|SIZE:294)                                                                                                                                                                         
==> DIRECTORY: http://192.168.0.122/upload/                                                                                                                                                                                      
==> DIRECTORY: http://192.168.0.122/wordpress/                                                                                                                                                                                   
                                                                                                                                                                                                                                  
---- Entering directory: http://192.168.0.122/upload/ ----
==> DIRECTORY: http://192.168.0.122/upload/account/                                                                                                                                                                              
==> DIRECTORY: http://192.168.0.122/upload/admins/                                                                                                                                                                               
+ http://192.168.0.122/upload/config (CODE:200|SIZE:0)                                                                                                                                                                           
==> DIRECTORY: http://192.168.0.122/upload/framework/                                                                                                                                                                            
==> DIRECTORY: http://192.168.0.122/upload/include/                                                                                                                                                                              
+ http://192.168.0.122/upload/index (CODE:200|SIZE:3040)                                                                                                                                                                         
+ http://192.168.0.122/upload/index.php (CODE:200|SIZE:3040)                                                                                                                                                                     
==> DIRECTORY: http://192.168.0.122/upload/languages/                                                                                                                                                                            
==> DIRECTORY: http://192.168.0.122/upload/media/                                                                                                                                                                                
==> DIRECTORY: http://192.168.0.122/upload/modules/                                                                                                                                                                              
==> DIRECTORY: http://192.168.0.122/upload/page/                                                                                                                                                                                 
==> DIRECTORY: http://192.168.0.122/upload/search/                                                                                                                                                                               
==> DIRECTORY: http://192.168.0.122/upload/temp/                                                                                                                                                                                 
==> DIRECTORY: http://192.168.0.122/upload/templates/                                                                                                                                                                            
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/ ----
==> DIRECTORY: http://192.168.0.122/wordpress/index/                                                                                                                                                                             
+ http://192.168.0.122/wordpress/index.php (CODE:301|SIZE:0)                                                                                                                                                                     
+ http://192.168.0.122/wordpress/license (CODE:200|SIZE:19930)                                                                                                                                                                   
+ http://192.168.0.122/wordpress/readme (CODE:200|SIZE:7195)                                                                                                                                                                     
==> DIRECTORY: http://192.168.0.122/wordpress/wp-admin/                                                                                                                                                                          
+ http://192.168.0.122/wordpress/wp-blog-header (CODE:200|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/wordpress/wp-config (CODE:200|SIZE:0)                                                                                                                                                                     
==> DIRECTORY: http://192.168.0.122/wordpress/wp-content/                                                                                                                                                                        
+ http://192.168.0.122/wordpress/wp-cron (CODE:200|SIZE:0)                                                                                                                                                                       
==> DIRECTORY: http://192.168.0.122/wordpress/wp-includes/                                                                                                                                                                       
+ http://192.168.0.122/wordpress/wp-links-opml (CODE:200|SIZE:217)                                                                                                                                                               
+ http://192.168.0.122/wordpress/wp-load (CODE:200|SIZE:0)                                                                                                                                                                       
+ http://192.168.0.122/wordpress/wp-login (CODE:200|SIZE:2530)                                                                                                                                                                   
+ http://192.168.0.122/wordpress/wp-mail (CODE:500|SIZE:3011)                                                                                                                                                                    
+ http://192.168.0.122/wordpress/wp-settings (CODE:500|SIZE:0)                                                                                                                                                                   
+ http://192.168.0.122/wordpress/wp-signup (CODE:302|SIZE:0)                                                                                                                                                                     
+ http://192.168.0.122/wordpress/wp-trackback (CODE:200|SIZE:135)                                                                                                                                                                
+ http://192.168.0.122/wordpress/xmlrpc (CODE:200|SIZE:42)                                                                                                                                                                       
+ http://192.168.0.122/wordpress/xmlrpc.php (CODE:200|SIZE:42)                                                                                                                                                                   
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/account/ ----
==> DIRECTORY: http://192.168.0.122/upload/account/css/                                                                                                                                                                          
+ http://192.168.0.122/upload/account/forgot (CODE:302|SIZE:0)                                                                                                                                                                   
+ http://192.168.0.122/upload/account/index (CODE:302|SIZE:0)                                                                                                                                                                    
+ http://192.168.0.122/upload/account/index.php (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/upload/account/login (CODE:302|SIZE:0)                                                                                                                                                                    
+ http://192.168.0.122/upload/account/logout (CODE:302|SIZE:0)                                                                                                                                                                   
+ http://192.168.0.122/upload/account/preferences (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/upload/account/signup (CODE:302|SIZE:0)                                                                                                                                                                   
==> DIRECTORY: http://192.168.0.122/upload/account/templates/                                                                                                                                                                    
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/ ----
==> DIRECTORY: http://192.168.0.122/upload/admins/access/                                                                                                                                                                        
==> DIRECTORY: http://192.168.0.122/upload/admins/addons/                                                                                                                                                                        
==> DIRECTORY: http://192.168.0.122/upload/admins/admintools/                                                                                                                                                                    
==> DIRECTORY: http://192.168.0.122/upload/admins/groups/                                                                                                                                                                        
+ http://192.168.0.122/upload/admins/index (CODE:302|SIZE:0)                                                                                                                                                                     
+ http://192.168.0.122/upload/admins/index.php (CODE:302|SIZE:0)                                                                                                                                                                 
==> DIRECTORY: http://192.168.0.122/upload/admins/interface/                                                                                                                                                                     
==> DIRECTORY: http://192.168.0.122/upload/admins/languages/                                                                                                                                                                     
==> DIRECTORY: http://192.168.0.122/upload/admins/login/                                                                                                                                                                         
==> DIRECTORY: http://192.168.0.122/upload/admins/logout/                                                                                                                                                                        
==> DIRECTORY: http://192.168.0.122/upload/admins/media/                                                                                                                                                                         
==> DIRECTORY: http://192.168.0.122/upload/admins/modules/                                                                                                                                                                       
==> DIRECTORY: http://192.168.0.122/upload/admins/pages/                                                                                                                                                                         
==> DIRECTORY: http://192.168.0.122/upload/admins/preferences/                                                                                                                                                                   
==> DIRECTORY: http://192.168.0.122/upload/admins/profiles/                                                                                                                                                                      
==> DIRECTORY: http://192.168.0.122/upload/admins/service/                                                                                                                                                                       
==> DIRECTORY: http://192.168.0.122/upload/admins/settings/                                                                                                                                                                      
==> DIRECTORY: http://192.168.0.122/upload/admins/start/                                                                                                                                                                         
==> DIRECTORY: http://192.168.0.122/upload/admins/support/                                                                                                                                                                       
==> DIRECTORY: http://192.168.0.122/upload/admins/templates/                                                                                                                                                                     
==> DIRECTORY: http://192.168.0.122/upload/admins/users/                                                                                                                                                                         
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/framework/ ----
==> DIRECTORY: http://192.168.0.122/upload/framework/functions/                                                                                                                                                                  
+ http://192.168.0.122/upload/framework/index (CODE:302|SIZE:0)                                                                                                                                                                  
+ http://192.168.0.122/upload/framework/index.php (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/upload/framework/summary (CODE:403|SIZE:88)                                                                                                                                                               
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/include/ ----
+ http://192.168.0.122/upload/include/index (CODE:302|SIZE:0)                                                                                                                                                                    
+ http://192.168.0.122/upload/include/index.php (CODE:302|SIZE:0)                                                                                                                                                                
==> DIRECTORY: http://192.168.0.122/upload/include/yui/                                                                                                                                                                          
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/languages/ ----
+ http://192.168.0.122/upload/languages/index (CODE:302|SIZE:0)                                                                                                                                                                  
+ http://192.168.0.122/upload/languages/index.php (CODE:302|SIZE:0)                                                                                                                                                              
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/media/ ----
+ http://192.168.0.122/upload/media/index (CODE:302|SIZE:0)                                                                                                                                                                      
+ http://192.168.0.122/upload/media/index.php (CODE:302|SIZE:0)                                                                                                                                                                  
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/modules/ ----
+ http://192.168.0.122/upload/modules/admin (CODE:403|SIZE:79)                                                                                                                                                                   
+ http://192.168.0.122/upload/modules/admin.php (CODE:403|SIZE:79)                                                                                                                                                               
+ http://192.168.0.122/upload/modules/index (CODE:302|SIZE:0)                                                                                                                                                                    
+ http://192.168.0.122/upload/modules/index.php (CODE:302|SIZE:0)                                                                                                                                                                
==> DIRECTORY: http://192.168.0.122/upload/modules/news/                                                                                                                                                                         
==> DIRECTORY: http://192.168.0.122/upload/modules/wysiwyg/                                                                                                                                                                      
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/page/ ----
+ http://192.168.0.122/upload/page/index (CODE:200|SIZE:0)                                                                                                                                                                       
+ http://192.168.0.122/upload/page/index.php (CODE:200|SIZE:0)                                                                                                                                                                   
==> DIRECTORY: http://192.168.0.122/upload/page/posts/                                                                                                                                                                           
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/search/ ----
+ http://192.168.0.122/upload/search/index (CODE:200|SIZE:3627)                                                                                                                                                                  
+ http://192.168.0.122/upload/search/index.php (CODE:200|SIZE:3627)                                                                                                                                                              
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/temp/ ----
+ http://192.168.0.122/upload/temp/index (CODE:302|SIZE:0)                                                                                                                                                                       
+ http://192.168.0.122/upload/temp/index.php (CODE:302|SIZE:0)                                                                                                                                                                   
==> DIRECTORY: http://192.168.0.122/upload/temp/search/                                                                                                                                                                          
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/templates/ ----
==> DIRECTORY: http://192.168.0.122/upload/templates/blank/                                                                                                                                                                      
+ http://192.168.0.122/upload/templates/index (CODE:302|SIZE:0)                                                                                                                                                                  
+ http://192.168.0.122/upload/templates/index.php (CODE:302|SIZE:0)                                                                                                                                                              
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/index/ ----
(!) WARNING: NOT_FOUND[] not stable, unable to determine correct URLs {30X}.
    (Try using FineTunning: '-f')
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-admin/ ----
+ http://192.168.0.122/wordpress/wp-admin/about (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/wordpress/wp-admin/admin (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/wordpress/wp-admin/admin.php (CODE:302|SIZE:0)                                                                                                                                                            
+ http://192.168.0.122/wordpress/wp-admin/comment (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/wordpress/wp-admin/credits (CODE:302|SIZE:0)                                                                                                                                                              
==> DIRECTORY: http://192.168.0.122/wordpress/wp-admin/css/                                                                                                                                                                      
+ http://192.168.0.122/wordpress/wp-admin/customize (CODE:302|SIZE:0)                                                                                                                                                            
+ http://192.168.0.122/wordpress/wp-admin/edit (CODE:302|SIZE:0)                                                                                                                                                                 
+ http://192.168.0.122/wordpress/wp-admin/export (CODE:302|SIZE:0)                                                                                                                                                               
==> DIRECTORY: http://192.168.0.122/wordpress/wp-admin/images/                                                                                                                                                                   
+ http://192.168.0.122/wordpress/wp-admin/import (CODE:302|SIZE:0)                                                                                                                                                               
==> DIRECTORY: http://192.168.0.122/wordpress/wp-admin/includes/                                                                                                                                                                 
+ http://192.168.0.122/wordpress/wp-admin/index (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/wordpress/wp-admin/index.php (CODE:302|SIZE:0)                                                                                                                                                            
+ http://192.168.0.122/wordpress/wp-admin/install (CODE:200|SIZE:1080)                                                                                                                                                           
==> DIRECTORY: http://192.168.0.122/wordpress/wp-admin/js/                                                                                                                                                                       
+ http://192.168.0.122/wordpress/wp-admin/link (CODE:302|SIZE:0)                                                                                                                                                                 
==> DIRECTORY: http://192.168.0.122/wordpress/wp-admin/maint/                                                                                                                                                                    
+ http://192.168.0.122/wordpress/wp-admin/media (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/wordpress/wp-admin/menu (CODE:500|SIZE:0)                                                                                                                                                                 
+ http://192.168.0.122/wordpress/wp-admin/moderation (CODE:302|SIZE:0)                                                                                                                                                           
==> DIRECTORY: http://192.168.0.122/wordpress/wp-admin/network/                                                                                                                                                                  
+ http://192.168.0.122/wordpress/wp-admin/options (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/wordpress/wp-admin/plugins (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/wordpress/wp-admin/post (CODE:302|SIZE:0)                                                                                                                                                                 
+ http://192.168.0.122/wordpress/wp-admin/profile (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/wordpress/wp-admin/themes (CODE:302|SIZE:0)                                                                                                                                                               
+ http://192.168.0.122/wordpress/wp-admin/tools (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/wordpress/wp-admin/update (CODE:302|SIZE:0)                                                                                                                                                               
+ http://192.168.0.122/wordpress/wp-admin/upgrade (CODE:200|SIZE:1173)                                                                                                                                                           
+ http://192.168.0.122/wordpress/wp-admin/upload (CODE:302|SIZE:0)                                                                                                                                                               
==> DIRECTORY: http://192.168.0.122/wordpress/wp-admin/user/                                                                                                                                                                     
+ http://192.168.0.122/wordpress/wp-admin/users (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/wordpress/wp-admin/widgets (CODE:302|SIZE:0)                                                                                                                                                              
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-content/ ----
+ http://192.168.0.122/wordpress/wp-content/index (CODE:200|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/wordpress/wp-content/index.php (CODE:200|SIZE:0)                                                                                                                                                          
==> DIRECTORY: http://192.168.0.122/wordpress/wp-content/plugins/                                                                                                                                                                
==> DIRECTORY: http://192.168.0.122/wordpress/wp-content/themes/                                                                                                                                                                 
==> DIRECTORY: http://192.168.0.122/wordpress/wp-content/upgrade/                                                                                                                                                                
==> DIRECTORY: http://192.168.0.122/wordpress/wp-content/uploads/                                                                                                                                                                
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-includes/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/account/css/ ----
+ http://192.168.0.122/upload/account/css/frontend (CODE:200|SIZE:1931)                                                                                                                                                          
+ http://192.168.0.122/upload/account/css/index (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/upload/account/css/index.php (CODE:302|SIZE:0)                                                                                                                                                            
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/account/templates/ ----
+ http://192.168.0.122/upload/account/templates/index (CODE:302|SIZE:0)                                                                                                                                                          
+ http://192.168.0.122/upload/account/templates/index.php (CODE:302|SIZE:0)                                                                                                                                                      
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/access/ ----
+ http://192.168.0.122/upload/admins/access/index (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/upload/admins/access/index.php (CODE:302|SIZE:0)                                                                                                                                                          
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/addons/ ----
+ http://192.168.0.122/upload/admins/addons/index (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/upload/admins/addons/index.php (CODE:302|SIZE:0)                                                                                                                                                          
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/admintools/ ----
+ http://192.168.0.122/upload/admins/admintools/index (CODE:302|SIZE:0)                                                                                                                                                          
+ http://192.168.0.122/upload/admins/admintools/index.php (CODE:302|SIZE:0)                                                                                                                                                      
+ http://192.168.0.122/upload/admins/admintools/tool (CODE:302|SIZE:0)                                                                                                                                                           
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/groups/ ----
+ http://192.168.0.122/upload/admins/groups/add (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/upload/admins/groups/groups (CODE:302|SIZE:0)                                                                                                                                                             
+ http://192.168.0.122/upload/admins/groups/index (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/upload/admins/groups/index.php (CODE:302|SIZE:0)                                                                                                                                                          
+ http://192.168.0.122/upload/admins/groups/save (CODE:302|SIZE:0)                                                                                                                                                               
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/interface/ ----
+ http://192.168.0.122/upload/admins/interface/index (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/upload/admins/interface/index.php (CODE:302|SIZE:0)                                                                                                                                                       
+ http://192.168.0.122/upload/admins/interface/version (CODE:403|SIZE:90)                                                                                                                                                        
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/languages/ ----
+ http://192.168.0.122/upload/admins/languages/details (CODE:302|SIZE:0)                                                                                                                                                         
+ http://192.168.0.122/upload/admins/languages/index (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/upload/admins/languages/index.php (CODE:302|SIZE:0)                                                                                                                                                       
+ http://192.168.0.122/upload/admins/languages/install (CODE:500|SIZE:0)                                                                                                                                                         
+ http://192.168.0.122/upload/admins/languages/uninstall (CODE:302|SIZE:0)                                                                                                                                                       
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/login/ ----
==> DIRECTORY: http://192.168.0.122/upload/admins/login/forgot/                                                                                                                                                                  
+ http://192.168.0.122/upload/admins/login/index (CODE:200|SIZE:2929)                                                                                                                                                            
+ http://192.168.0.122/upload/admins/login/index.php (CODE:200|SIZE:2929)                                                                                                                                                        
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/logout/ ----
+ http://192.168.0.122/upload/admins/logout/index (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/upload/admins/logout/index.php (CODE:302|SIZE:0)                                                                                                                                                          
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/media/ ----
+ http://192.168.0.122/upload/admins/media/index (CODE:302|SIZE:0)                                                                                                                                                               
+ http://192.168.0.122/upload/admins/media/index.php (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/upload/admins/media/thumb (CODE:200|SIZE:0)                                                                                                                                                               
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/modules/ ----
+ http://192.168.0.122/upload/admins/modules/details (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/upload/admins/modules/index (CODE:302|SIZE:0)                                                                                                                                                             
+ http://192.168.0.122/upload/admins/modules/index.php (CODE:302|SIZE:0)                                                                                                                                                         
+ http://192.168.0.122/upload/admins/modules/install (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/upload/admins/modules/uninstall (CODE:302|SIZE:0)                                                                                                                                                         
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/pages/ ----
+ http://192.168.0.122/upload/admins/pages/add (CODE:302|SIZE:0)                                                                                                                                                                 
+ http://192.168.0.122/upload/admins/pages/delete (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/upload/admins/pages/index (CODE:302|SIZE:0)                                                                                                                                                               
+ http://192.168.0.122/upload/admins/pages/index.php (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/upload/admins/pages/modify (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/upload/admins/pages/restore (CODE:302|SIZE:0)                                                                                                                                                             
+ http://192.168.0.122/upload/admins/pages/save (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/upload/admins/pages/sections (CODE:302|SIZE:0)                                                                                                                                                            
+ http://192.168.0.122/upload/admins/pages/settings (CODE:302|SIZE:0)                                                                                                                                                             
+ http://192.168.0.122/upload/admins/pages/trash (CODE:302|SIZE:0)                                                                                                                                                                
                                                                                                                                                                                                                                  
---- Entering directory: http://192.168.0.122/upload/admins/preferences/ ----
+ http://192.168.0.122/upload/admins/preferences/index (CODE:302|SIZE:0)                                                                                                                                                         
+ http://192.168.0.122/upload/admins/preferences/index.php (CODE:302|SIZE:0)                                                                                                                                                     
+ http://192.168.0.122/upload/admins/preferences/save (CODE:302|SIZE:0)                                                                                                                                                          
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/profiles/ ----
+ http://192.168.0.122/upload/admins/profiles/index (CODE:200|SIZE:324)                                                                                                                                                          
+ http://192.168.0.122/upload/admins/profiles/index.php (CODE:200|SIZE:324)                                                                                                                                                      
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/service/ ----
+ http://192.168.0.122/upload/admins/service/index (CODE:302|SIZE:0)                                                                                                                                                             
+ http://192.168.0.122/upload/admins/service/index.php (CODE:302|SIZE:0)                                                                                                                                                         
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/settings/ ----
+ http://192.168.0.122/upload/admins/settings/index (CODE:302|SIZE:0)                                                                                                                                                            
+ http://192.168.0.122/upload/admins/settings/index.php (CODE:302|SIZE:0)                                                                                                                                                        
+ http://192.168.0.122/upload/admins/settings/save (CODE:302|SIZE:0)                                                                                                                                                             
+ http://192.168.0.122/upload/admins/settings/setting (CODE:200|SIZE:3839)                                                                                                                                                       
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/start/ ----
+ http://192.168.0.122/upload/admins/start/index (CODE:302|SIZE:0)                                                                                                                                                               
+ http://192.168.0.122/upload/admins/start/index.php (CODE:302|SIZE:0)                                                                                                                                                           
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/support/ ----
+ http://192.168.0.122/upload/admins/support/index (CODE:302|SIZE:0)                                                                                                                                                             
+ http://192.168.0.122/upload/admins/support/index.php (CODE:302|SIZE:0)                                                                                                                                                         
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/templates/ ----
+ http://192.168.0.122/upload/admins/templates/details (CODE:302|SIZE:0)                                                                                                                                                         
+ http://192.168.0.122/upload/admins/templates/index (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/upload/admins/templates/index.php (CODE:302|SIZE:0)                                                                                                                                                       
+ http://192.168.0.122/upload/admins/templates/install (CODE:302|SIZE:0)                                                                                                                                                         
+ http://192.168.0.122/upload/admins/templates/uninstall (CODE:302|SIZE:0)                                                                                                                                                       
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/users/ ----
+ http://192.168.0.122/upload/admins/users/add (CODE:302|SIZE:0)                                                                                                                                                                 
+ http://192.168.0.122/upload/admins/users/index (CODE:302|SIZE:0)                                                                                                                                                               
+ http://192.168.0.122/upload/admins/users/index.php (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/upload/admins/users/save (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/upload/admins/users/users (CODE:302|SIZE:0)                                                                                                                                                               
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/framework/functions/ ----
+ http://192.168.0.122/upload/framework/functions/index (CODE:302|SIZE:0)                                                                                                                                                        
+ http://192.168.0.122/upload/framework/functions/index.php (CODE:302|SIZE:0)                                                                                                                                                    
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/include/yui/ ----
==> DIRECTORY: http://192.168.0.122/upload/include/yui/event/                                                                                                                                                                    
+ http://192.168.0.122/upload/include/yui/index (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/upload/include/yui/index.php (CODE:302|SIZE:0)                                                                                                                                                            
+ http://192.168.0.122/upload/include/yui/README (CODE:200|SIZE:8488)                                                                                                                                                            
==> DIRECTORY: http://192.168.0.122/upload/include/yui/yahoo/                                                                                                                                                                    
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/modules/news/ ----
+ http://192.168.0.122/upload/modules/news/add (CODE:403|SIZE:82)                                                                                                                                                                
+ http://192.168.0.122/upload/modules/news/comment (CODE:302|SIZE:0)                                                                                                                                                             
==> DIRECTORY: http://192.168.0.122/upload/modules/news/css/                                                                                                                                                                     
+ http://192.168.0.122/upload/modules/news/delete (CODE:403|SIZE:85)                                                                                                                                                             
+ http://192.168.0.122/upload/modules/news/icon (CODE:200|SIZE:1058)                                                                                                                                                             
+ http://192.168.0.122/upload/modules/news/index (CODE:302|SIZE:0)                                                                                                                                                               
+ http://192.168.0.122/upload/modules/news/index.php (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/upload/modules/news/info (CODE:403|SIZE:83)                                                                                                                                                               
+ http://192.168.0.122/upload/modules/news/info.php (CODE:403|SIZE:83)                                                                                                                                                           
+ http://192.168.0.122/upload/modules/news/install (CODE:403|SIZE:86)                                                                                                                                                            
==> DIRECTORY: http://192.168.0.122/upload/modules/news/languages/                                                                                                                                                               
+ http://192.168.0.122/upload/modules/news/modify (CODE:403|SIZE:85)                                                                                                                                                             
+ http://192.168.0.122/upload/modules/news/rss (CODE:302|SIZE:0)                                                                                                                                                                 
+ http://192.168.0.122/upload/modules/news/search (CODE:403|SIZE:85)                                                                                                                                                             
==> DIRECTORY: http://192.168.0.122/upload/modules/news/templates/                                                                                                                                                               
+ http://192.168.0.122/upload/modules/news/uninstall (CODE:403|SIZE:88)                                                                                                                                                          
+ http://192.168.0.122/upload/modules/news/upgrade (CODE:403|SIZE:86)                                                                                                                                                            
+ http://192.168.0.122/upload/modules/news/view (CODE:403|SIZE:83)                                                                                                                                                               
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/modules/wysiwyg/ ----
+ http://192.168.0.122/upload/modules/wysiwyg/add (CODE:403|SIZE:85)                                                                                                                                                             
+ http://192.168.0.122/upload/modules/wysiwyg/delete (CODE:403|SIZE:88)                                                                                                                                                          
+ http://192.168.0.122/upload/modules/wysiwyg/icon (CODE:200|SIZE:1058)                                                                                                                                                          
+ http://192.168.0.122/upload/modules/wysiwyg/index (CODE:302|SIZE:0)                                                                                                                                                            
+ http://192.168.0.122/upload/modules/wysiwyg/index.php (CODE:302|SIZE:0)                                                                                                                                                        
+ http://192.168.0.122/upload/modules/wysiwyg/info (CODE:403|SIZE:86)                                                                                                                                                            
+ http://192.168.0.122/upload/modules/wysiwyg/info.php (CODE:403|SIZE:86)                                                                                                                                                        
+ http://192.168.0.122/upload/modules/wysiwyg/install (CODE:403|SIZE:89)                                                                                                                                                         
==> DIRECTORY: http://192.168.0.122/upload/modules/wysiwyg/languages/                                                                                                                                                            
+ http://192.168.0.122/upload/modules/wysiwyg/modify (CODE:403|SIZE:88)                                                                                                                                                          
+ http://192.168.0.122/upload/modules/wysiwyg/save (CODE:302|SIZE:0)                                                                                                                                                             
+ http://192.168.0.122/upload/modules/wysiwyg/search (CODE:403|SIZE:88)                                                                                                                                                          
==> DIRECTORY: http://192.168.0.122/upload/modules/wysiwyg/templates/                                                                                                                                                            
+ http://192.168.0.122/upload/modules/wysiwyg/upgrade (CODE:403|SIZE:89)                                                                                                                                                         
+ http://192.168.0.122/upload/modules/wysiwyg/view (CODE:403|SIZE:86)                                                                                                                                                            
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/page/posts/ ----
+ http://192.168.0.122/upload/page/posts/index (CODE:302|SIZE:0)                                                                                                                                                                 
+ http://192.168.0.122/upload/page/posts/index.php (CODE:302|SIZE:0)                                                                                                                                                             
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/temp/search/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/templates/blank/ ----
+ http://192.168.0.122/upload/templates/blank/index (CODE:302|SIZE:0)                                                                                                                                                            
+ http://192.168.0.122/upload/templates/blank/index.php (CODE:302|SIZE:0)                                                                                                                                                        
+ http://192.168.0.122/upload/templates/blank/info (CODE:403|SIZE:86)                                                                                                                                                            
+ http://192.168.0.122/upload/templates/blank/info.php (CODE:403|SIZE:86)                                                                                                                                                        
+ http://192.168.0.122/upload/templates/blank/preview (CODE:200|SIZE:1377)                                                                                                                                                       
+ http://192.168.0.122/upload/templates/blank/template (CODE:200|SIZE:507)                                                                                                                                                       
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-admin/css/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-admin/images/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-admin/includes/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-admin/js/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-admin/maint/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-admin/network/ ----
+ http://192.168.0.122/wordpress/wp-admin/network/about (CODE:302|SIZE:0)                                                                                                                                                        
+ http://192.168.0.122/wordpress/wp-admin/network/admin (CODE:302|SIZE:0)                                                                                                                                                        
+ http://192.168.0.122/wordpress/wp-admin/network/admin.php (CODE:302|SIZE:0)                                                                                                                                                    
+ http://192.168.0.122/wordpress/wp-admin/network/credits (CODE:302|SIZE:0)                                                                                                                                                      
+ http://192.168.0.122/wordpress/wp-admin/network/edit (CODE:302|SIZE:0)                                                                                                                                                         
+ http://192.168.0.122/wordpress/wp-admin/network/index (CODE:302|SIZE:0)                                                                                                                                                        
+ http://192.168.0.122/wordpress/wp-admin/network/index.php (CODE:302|SIZE:0)                                                                                                                                                    
+ http://192.168.0.122/wordpress/wp-admin/network/menu (CODE:500|SIZE:0)                                                                                                                                                         
+ http://192.168.0.122/wordpress/wp-admin/network/plugins (CODE:302|SIZE:0)                                                                                                                                                      
+ http://192.168.0.122/wordpress/wp-admin/network/profile (CODE:302|SIZE:0)                                                                                                                                                      
+ http://192.168.0.122/wordpress/wp-admin/network/settings (CODE:302|SIZE:0)                                                                                                                                                     
+ http://192.168.0.122/wordpress/wp-admin/network/setup (CODE:302|SIZE:0)                                                                                                                                                        
+ http://192.168.0.122/wordpress/wp-admin/network/sites (CODE:302|SIZE:0)                                                                                                                                                        
+ http://192.168.0.122/wordpress/wp-admin/network/themes (CODE:302|SIZE:0)                                                                                                                                                       
+ http://192.168.0.122/wordpress/wp-admin/network/update (CODE:302|SIZE:0)                                                                                                                                                       
+ http://192.168.0.122/wordpress/wp-admin/network/upgrade (CODE:302|SIZE:0)                                                                                                                                                      
+ http://192.168.0.122/wordpress/wp-admin/network/users (CODE:302|SIZE:0)                                                                                                                                                        
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-admin/user/ ----
+ http://192.168.0.122/wordpress/wp-admin/user/about (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/wordpress/wp-admin/user/admin (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/wordpress/wp-admin/user/admin.php (CODE:302|SIZE:0)                                                                                                                                                       
+ http://192.168.0.122/wordpress/wp-admin/user/credits (CODE:302|SIZE:0)                                                                                                                                                         
+ http://192.168.0.122/wordpress/wp-admin/user/index (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/wordpress/wp-admin/user/index.php (CODE:302|SIZE:0)                                                                                                                                                       
+ http://192.168.0.122/wordpress/wp-admin/user/menu (CODE:500|SIZE:0)                                                                                                                                                            
+ http://192.168.0.122/wordpress/wp-admin/user/profile (CODE:302|SIZE:0)                                                                                                                                                         
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-content/plugins/ ----
+ http://192.168.0.122/wordpress/wp-content/plugins/hello (CODE:500|SIZE:0)                                                                                                                                                      
+ http://192.168.0.122/wordpress/wp-content/plugins/index (CODE:200|SIZE:0)                                                                                                                                                      
+ http://192.168.0.122/wordpress/wp-content/plugins/index.php (CODE:200|SIZE:0)                                                                                                                                                  
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-content/themes/ ----
+ http://192.168.0.122/wordpress/wp-content/themes/index (CODE:200|SIZE:0)                                                                                                                                                       
+ http://192.168.0.122/wordpress/wp-content/themes/index.php (CODE:200|SIZE:0)                                                                                                                                                   
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-content/upgrade/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-content/uploads/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/login/forgot/ ----
+ http://192.168.0.122/upload/admins/login/forgot/index (CODE:200|SIZE:2531)                                                                                                                                                     
+ http://192.168.0.122/upload/admins/login/forgot/index.php (CODE:200|SIZE:2531)                                                                                                                                                 
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/include/yui/event/ ----
+ http://192.168.0.122/upload/include/yui/event/event (CODE:200|SIZE:87537)                                                                                                                                                      
+ http://192.168.0.122/upload/include/yui/event/index (CODE:302|SIZE:0)                                                                                                                                                          
+ http://192.168.0.122/upload/include/yui/event/index.php (CODE:302|SIZE:0)                                                                                                                                                      
+ http://192.168.0.122/upload/include/yui/event/README (CODE:200|SIZE:9807)                                                                                                                                                      
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/include/yui/yahoo/ ----
+ http://192.168.0.122/upload/include/yui/yahoo/index (CODE:302|SIZE:0)                                                                                                                                                          
+ http://192.168.0.122/upload/include/yui/yahoo/index.php (CODE:302|SIZE:0)                                                                                                                                                      
+ http://192.168.0.122/upload/include/yui/yahoo/README (CODE:200|SIZE:2889)                                                                                                                                                      
+ http://192.168.0.122/upload/include/yui/yahoo/yahoo (CODE:200|SIZE:35223)                                                                                                                                                      
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/modules/news/css/ ----
+ http://192.168.0.122/upload/modules/news/css/backend (CODE:200|SIZE:1416)                                                                                                                                                      
+ http://192.168.0.122/upload/modules/news/css/frontend (CODE:200|SIZE:1771)                                                                                                                                                     
+ http://192.168.0.122/upload/modules/news/css/index (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/upload/modules/news/css/index.php (CODE:302|SIZE:0)                                                                                                                                                       
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/modules/news/languages/ ----
+ http://192.168.0.122/upload/modules/news/languages/index (CODE:302|SIZE:0)                                                                                                                                                     
+ http://192.168.0.122/upload/modules/news/languages/index.php (CODE:302|SIZE:0)                                                                                                                                                 
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/modules/news/templates/ ----
==> DIRECTORY: http://192.168.0.122/upload/modules/news/templates/backend/                                                                                                                                                       
+ http://192.168.0.122/upload/modules/news/templates/index (CODE:302|SIZE:0)                                                                                                                                                     
+ http://192.168.0.122/upload/modules/news/templates/index.php (CODE:302|SIZE:0)                                                                                                                                                 
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/modules/wysiwyg/languages/ ----
+ http://192.168.0.122/upload/modules/wysiwyg/languages/index (CODE:302|SIZE:0)                                                                                                                                                  
+ http://192.168.0.122/upload/modules/wysiwyg/languages/index.php (CODE:302|SIZE:0)                                                                                                                                              
                                                                                                                                                                                                                                  
---- Entering directory: http://192.168.0.122/upload/modules/wysiwyg/templates/ ----
+ http://192.168.0.122/upload/modules/wysiwyg/templates/index (CODE:302|SIZE:0)                                                                                                                                                  
+ http://192.168.0.122/upload/modules/wysiwyg/templates/index.php (CODE:302|SIZE:0)                                                                                                                                              
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/modules/news/templates/backend/ ----
+ http://192.168.0.122/upload/modules/news/templates/backend/index (CODE:302|SIZE:0)                                                                                                                                             
+ http://192.168.0.122/upload/modules/news/templates/backend/index.php (CODE:302|SIZE:0)                                                                                                                                         
                                                                                                                                                                                                                                 
-----------------
END_TIME: Mon Jan 23 21:35:16 2023
DOWNLOADED: 258272 - FOUND: 252

Disini bisa dilihat terdapat 3 file/folder penting yaitu

/upload
/wordpress
/robots.txt

Pada /robots.txt terdapat tulisan cantik seperti ini

Disallow: Hackers Allow: /wordpress/

____

/___ \_ _ __ _ ___ __ _ _ __
// / / | | |/ _` |/ _ \ / _` | ‘__|
/ \_/ /| |_| | (_| | (_) | (_| | |
\___,_\ \__,_|\__,_|\___/ \__,_|_|

Lalu saya iseng lihat /upload ternyata ada LEPTON CMS namun sepertinya sulit untuk diakses karena menggunakan IP 192.168.0.190. Baiklah mungkin memang disengaja..

Wordpress Scanning Disini saya kemudian menggunakan tools WPScan untuk mencari kelemahan website serta credential untuk login sebagai admin.

wpscan http://192.168.56.102/wordpress --enumerate u

Dan hasilnya seperti ini

WPScan sudah selesai Setelah saya lihat2 celahnya, sepertinya tidak ada yang cukup menjanjikan. Saatnya kita coba bruteforce.

wpscan -u http://192.168.56.102/wordpress --wordlist /usr/share/wordlists/rockyou.txt --username admin --threads 50

Kalau seperti ini, tinggal tunggu pergi aja ngopi atau ngapain kek. Butuh kesabaran untuk melakukan hal ini

Setelah menunggu sekian lama, ada hal yang abnormal ketika bruteforcer menggunakan admin sebagai password

Coba deh login, dan hasilnya adalaaah

Berhasil login ke halaman admin Exploitation Ketika kamu berhasil login ke halaman admin, ini sebenarnya merupakan celah tersendiri karena kamu bisa upload file, atau ganti file php dll. Oke, langsung saja masuk ke laman Appearance>>Editor dan pilih file 404.php. Sisipkan kode berikut

Save file tersebut dan lakukan command injection pada perintah ‘cmd’

Yep berhasil! Upload WSO Shell, saya anggap kalian para pembaca sudah tau ya bagaimana caranya xD. Basically gunakan wget atau curl untuk download file

WSO Shell, silahkan yang mau jalan2 Saatnya connectback shell, tinggal jalankan perintah nc -lvp 31337, dan buka bagian network. Masukkan IP kamu dan jadilah shell seperti ini

Perlu diingat! jangan lupa jalankan 2 perintah ini ketika sudah berhasil connect back

$ python -c "import pty; pty.spawn('/bin/bash');" $ export TERM=xterm Privilege Escalation (getting common user) Silahkan baca output dari linuxprivchecker.py. Ada hal yang menarik dari versi kernel tersebut

[+] Kernel

   Linux version 3.2.0-23-generic-pae (buildd@palmer) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu4) ) #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012

Dan ketika saya ingin kompile dan jalankan exploit, hal yang saya takutkan benar-benar terjadi

www-data@Quaoar:/var/www/wordpress/wp-content/themes/twentyfourteen$ gcc The program 'gcc' can be found in the following packages:

gcc
pentium-builder

Ask your administrator to install one of them Oh my god! Tapi saya tidak menyerah, saya cari di https://www.kernel-exploits.com/kernel/?version=3.2.0 dan menemukan exploit yang cocok. Namun ketika dijalankan

Padahal sudah chmod +x sebelumnya Hmm, sekarang kita coba baca kembali /etc/passwd dari linuxprivchecker. Terdapat user wpadmin seperti ini

[+] All users

   root:x:0:0:root:/root:/bin/bash
   daemon:x:1:1:daemon:/usr/sbin:/bin/sh
   bin:x:2:2:bin:/bin:/bin/sh
   sys:x:3:3:sys:/dev:/bin/sh
   sync:x:4:65534:sync:/bin:/bin/sync
   games:x:5:60:games:/usr/games:/bin/sh
   man:x:6:12:man:/var/cache/man:/bin/sh
   lp:x:7:7:lp:/var/spool/lpd:/bin/sh
   mail:x:8:8:mail:/var/mail:/bin/sh
   news:x:9:9:news:/var/spool/news:/bin/sh
   uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
   proxy:x:13:13:proxy:/bin:/bin/sh
   www-data:x:33:33:www-data:/var/www:/bin/sh
   backup:x:34:34:backup:/var/backups:/bin/sh
   list:x:38:38:Mailing List Manager:/var/list:/bin/sh
   irc:x:39:39:ircd:/var/run/ircd:/bin/sh
   nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
   libuuid:x:100:101::/var/lib/libuuid:/bin/sh
   syslog:x:101:103::/home/syslog:/bin/false
   mysql:x:102:105:MySQL Server,,,:/nonexistent:/bin/false
   messagebus:x:103:107::/var/run/dbus:/bin/false
   whoopsie:x:105:112::/nonexistent:/bin/false

....

   wpadmin:x:1001:1001::/home/wpadmin:/bin/sh

Pada password admin wordpress tadi, username & password semuanya sama. Apakah ini juga berlaku pada user wpadmin? mengapa kita tidak coba

Loh ternyata berhasil beneran!!! XD XD

Anyway, saya coba iseng decrypt flag md5 itu dan ternyata tidak ditemukan. Saya coba masukin ke root tapi sepertinya bukan itu passwordnya.

Privilege Escalation (getting root) Karena saya tidak menemukan jalan lain selain bruteforce, namun tentunya pusing juga kalau bruteforce rootnya karena /etc/shadow tidak dapat dibuka.

Akhirnya saya coba iseng melihat konfigurasi wordpress, siapa tau password rootnya adalah password database server

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'wordpress');
/** MySQL database username */
define('DB_USER', 'root');
/** MySQL database password */
define('DB_PASSWORD', 'rootpassword!');
/** MySQL hostname */
define('DB_HOST', 'localhost');

Lalu saya cobakan saja password rootpassword! pada root

Okay! berhasil sudah sampai disini, yey!!!

Epilogue Terus terang aja sih, ini VM sebenarnya gampang cuma malesinnya adalah maenan bruteforce dan tebak password.

Tentunya walaupun mudah, ini juga merupakan hal yang sulit buat kalian yang masih baru dalam dunia hacking. Tebak password itu bisa gw bilang salah satu “skill dewa” karena kamu harus punya sense yang bagus untuk itu.

Paling segitu dulu saja, stay tuned untuk artikel lainnya yah! :D

Referensi

https://habibiefaried.com/pentest-story-defeating-quaoar-vm-345bea40e111

Difference between revisions of "CTF Quaoar: Walkthrough"

Revision as of 09:41, 24 January 2023

Cek Mesin

Pakai dirb

Referensi

Navigation menu

Search