Squid

Nmap output

Nmap scan report for 192.168.213.189
Host is up (0.059s latency).
Not shown: 65529 filtered tcp ports (no-response)
PORT      STATE SERVICE       VERSION
135/tcp   open  msrpc         Microsoft Windows RPC
139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds?
3128/tcp  open  http-proxy    Squid http proxy 4.14
|_http-title: ERROR: The requested URL could not be retrieved
|_http-server-header: squid/4.14
49666/tcp open  msrpc         Microsoft Windows RPC
49667/tcp open  msrpc         Microsoft Windows RPC
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

A Squid proxy is running on port 3128, so we set up the proxy in FoxyProxy.

We used spose.py to run a port scan through the proxy and found ports 8080 and 3306 open.
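A port scan relayed through Squid like this leaves one access.log entry per probed port, so it can be detected on the proxy. The following is an added example, not part of the original writeup: it flags any client that requests many distinct ports on a single host. The log lines are constructed, the client addresses and the `min_ports` threshold are assumptions, and Squid's native access.log format is assumed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format (not from the writeup):
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1700000000.101  12 192.0.2.10 TCP_MISS/503 4012 GET http://192.168.213.189:21/ - HIER_NONE/- text/html
1700000000.154  11 192.0.2.10 TCP_MISS/503 4012 GET http://192.168.213.189:22/ - HIER_NONE/- text/html
1700000000.203  10 192.0.2.10 TCP_MISS/503 4012 GET http://192.168.213.189/ - HIER_NONE/- text/html
1700000000.251  35 192.0.2.10 TCP_MISS/200 310 GET http://192.168.213.189:3306/ - HIER_DIRECT/192.168.213.189 -
1700000000.302  10 192.0.2.10 TCP_MISS/503 4012 GET http://192.168.213.189:3389/ - HIER_NONE/- text/html
1700000000.349  41 192.0.2.10 TCP_MISS/200 5120 GET http://192.168.213.189:8080/ - HIER_DIRECT/192.168.213.189 text/html
1700000005.000 120 192.0.2.20 TCP_MISS/200 1256 GET http://example.com/ - HIER_DIRECT/203.0.113.7 text/html
1700000006.000 300 192.0.2.20 TCP_TUNNEL/200 8042 CONNECT example.org:443 - HIER_DIRECT/203.0.113.8 -
"""

DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}


def target_of(method, url):
    """Return (host, port) for a logged request; CONNECT is logged as 'host:port'."""
    if method == "CONNECT":
        host, _, port = url.rpartition(":")
        return host, int(port)
    parts = urlsplit(url)
    return parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme, 0)


def find_port_sweeps(log_text, min_ports=5):
    """Map (client, host) -> sorted ports where one client requested
    at least min_ports distinct ports on the same destination host."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # not a native-format entry
        client, method, url = fields[2], fields[5], fields[6]
        try:
            host, port = target_of(method, url)
        except ValueError:
            continue  # malformed or non-numeric port
        if host and port:
            seen[(client, host)].add(port)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_ports}


if __name__ == "__main__":
    for (client, host), ports in find_port_sweeps(SAMPLE_LOG).items():
        print(f"{client} probed {len(ports)} ports on {host}: {ports}")
```

Requests to loopback or to the proxy host's own address on ports such as 3306 are a strong signal on their own, since normal browsing through the proxy rarely targets them.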

WampServer is running on port 8080.

phpMyAdmin is running, and we logged in with the default credentials.

We were able to log in to the server.

From the phpinfo page we got the root directory of the WAMP server.

Then we created a command.php file using a phpMyAdmin SQL query.

We accessed the file, ran a command, and got command execution.

We downloaded the reverse shell payload and ran it.

Got NT

Got local.txt (f0e8d5f2c3af412133d043571f3c9a86)

Got proof.txt (f94e41859495b9bb6e1e2ef123467cf9)