Gaining access using vulnerable applications could lead to compromise of the systems. Likewise here we take advantage of one vulnerability and gain access to the entire webserver. We identify the services running on the system and start enumerating these services. Further, we check for known vulnerabilities and their exploits, which could compromise the system in gaining a shell to the system. Once a shell is accessible, it’s upon us for further attacks or post-exploitation of the system. However, our aim is to get authorized access to the system using their own set credential for phpMyAdmin. Firstly, we use their credentials since if the logs are monitored it will display logins from the authorized accounts. Secondly, creating another user may indicate a red flag and will lead to identifying the system that has already been compromised. Hiding our anonymity this way would lead them to consider that the credentials had been compromised and they may change their password at most. Which hides our way into the system.
Do drop in your comments... do share, like and subscribe.
0 Comments