/admin
:http://convertmyvideo.thm/admin
prompts a login form but we don't know the credential yet:1337
as input, capture the request and send it to Repeater:${IFS}
must be used to represent space, otherwise the syntax of the payload will be interpreted incorrectly. Send this request:http://convertmyvideo.thm/php-reverse-shell.php
and catch a reverse shell as www-data:/var/www/html/admin
, we fidn .htaccess
and .htpasswd
:http://convertmyvideo.thm/admin
prompts a login form and we did not know the credential. Here .htaccess
and .htpasswd
are responsible for this login form. The .htpasswd
file contains a password hash and we should try to crack it using John:itsmeadmin:jessie
:/var/www/html/tmp/clean.sh
is executed as root by some cronjob:/var/www/html/tmp/clean.sh
: