type
status
date
slug
summary
tags
category
icon
password
Status
Due date
Sep 23, 2023 05:08 AM

Progress

Scan the valid services

notion image
notion image
notion image
notion image
notion image

Searching the RCE payload

notion image
first try to get rce
notion image
notion image
☝🏻
system() function was disabled. That’s try other function

Create the paylods using msfvenom

notion image

Payloads

notion image

Get reverse shell

notion image

Root.txt

notion image

save registry record

notion image
notion image

back to the attack machine to get the file

notion image

samdump2 to dump hash

notion image

using john the ripper to brute force the hash

notion image

Reference

osCommerce-2.3.4-Remote-Command-Execution
nobodyatall648Updated Aug 14, 2023
AttackDefense.com [RCE] - osCommerce
https://nitesculucian.github.io/2018/10/26/attackdefense-com-rce-oscommerce/
AttackDefense.com [RCE] - osCommerce
Windows Reverse Shells Cheatsheet
Windows Reverse Shells: 10 payloads in 1 different languages !
Windows Reverse Shells Cheatsheet
https://podalirius.net/en/articles/windows-reverse-shells-cheatsheet/
Windows Reverse Shells Cheatsheet
https://www.bing.com/search?q=oscommerce+2.3.4+exploit&cvid=e03a1fdcbf244a18918725bf1700a7c1&aqs=edge.2.69i57j69i59j0l2j69i59j0j69i60l3.3801j0j4&FORM=ANAB01&PC=U531
How to Copy SAM and SYSTEM Registry Files from Windows 10, 8 and 7 (top-password.com)
john破解系统密码(windows和kali)_john —format_boy_from_village的博客-CSDN博客
使用john、和samdump2破解window密码Window密码获取方式:使用老毛桃或者大白菜制作U盘启动PE系统可自由复制粘贴CAM和system文件保存在U盘内。或者使用SAMCopyer和SAMInside获取sam和system文件。。。方式:通过window下的sam和system文件获取密码的hash值,使用john破解密码的hash获得密码明文。环境:kali 所需软件:kal..._john —format
john破解系统密码(windows和kali)_john —format_boy_from_village的博客-CSDN博客
https://blog.csdn.net/boy_from_village/article/details/80383419
相關文章
Tryhackme - Blaster
Tryhackme - Mr Robot
Tryhackme - Mr RobotRunspace練習