# nineveh ## port scan ![](https://i.imgur.com/mDz9RFG.png) ## Check port 80 and 443 but there are no useful information(either in the source code) ![](https://i.imgur.com/v8ho73t.png) ![](https://i.imgur.com/vcROXaz.png) ## Use gobuster to enumerate pages on port 80 and port 443 ![](https://i.imgur.com/sRI5Zvx.png) ## Page department I test is there SQL injection exploit the answer is no ![](https://i.imgur.com/1Uus87v.png) ## But we can see that error message give us some feedback(it says invalid password which means username is right) ![](https://i.imgur.com/FG7u2tl.png) ## I test admin admin get this result,so we can enumerate password of the username admin(by hydra) ## Then we can login into the page ![](https://i.imgur.com/GuuVlZU.png) ## There is a LFI exploit ,but right now I don't have any files can be used by this exploit ![](https://i.imgur.com/czhCZ1U.png) ## Go to page db we also can use hydra to enumerate password ![](https://i.imgur.com/Cgoxr0z.png) ## We can look for phpLiteAdmin v1.9 in exploit-db and use one of those exploits we find(we can use this exploit to execute php code) ![](https://i.imgur.com/BviJhup.png) ## I use php code to execute command ![](https://i.imgur.com/C0Er0UF.png) ## Then use command to get reverse shell ![](https://i.imgur.com/LmURE0g.png) ## we can find some keywords from /report Folder then search it in google then we can find another keyword chkrootkit ## Looking for some exploits of chkrootkit ,use it,finally we get root ![](https://i.imgur.com/xSy2UoG.png)