-
Miles Password a. nmap scan b. smb client - no password c. log files - password list d. gobuster - squirrel mail login e. attention note from ‘Miles Dyson’ f. capture squirrel mail login g. use hydra user milesdyson and use password list send request user: milesdyson pass: cyborg007haloterminator
-
Samba password reset: )s{A&2Z=F^n_E.B` smbclient -U milesdyson \\10.10.10.10\milesdyson notes> important.txt get important.txt cat important.txt hidden directory: /45kra24zxs28v3yd
-
Remote file inclusion
-
gobuster dir -u http://10.10.10.10/45kra24zxs28v3yd -w directory-wordlist.txt /administrator search sploit cuppa copy exploit