#Elyana pic password#
After decoding the base64 encoded string I found the password for the username elyana. I did a quick search on google on the php filter bypass and finally got the contents of the wp-config.php file in base64 encoded strings It seems we have to bypass the filter to get the content of the wp-config.php file. After trying to access the wp-config.php file it didn’t return anything. Since, it was successful we can get the reverse shell using Access log poisoning…is what I thought first but I had to work another way and ended up with the wp-config.php file which holds the password for the database. But in this case, we should also include the /wordpress directory name. The affected parameter is ?pl from the mail-masta plugin which can be used to include the local files. Let’s search for any publicly available exploits using searchsploit.īoth of them are valid exploits and can be used to exploit the machine, but I first tried the LFI exploit. Wpscan -url We can see the plugins mail-masta and reflex-gallery and their respective versions. I also tried bruteforcing the passwords for the usernames that we just found but don’t bother doing it. Since it runs wordpress, our next step is to run wpscan for enumerating what plugins and themes the wordpress site use. I found some usernames in this page which I’ve highlighted. I used gobuster to find the hidden directories with the common.txt wordlist. The ftp server was empty so ultimately I checked the http service.Īs we can see, it shows the apache2 index.html page. There are only 3 ports open: 21/ftp, 22/ssh and 80/http. Few intended and unintended paths to getting user and root access.ĭeploy the VM and let’s hack the machine!!! Enumeration Where a paragraph begins with a >, it denotes a separate news item.Author i7md Description This is a fun box where you will get to exploit the system in several ways. As such, stories are grouped according to the respective language/medium. The above articles are compiled from the vernacular newspapers (Bahasa Malaysia, Chinese and Tamil dailies). There are six types of cendol offered, with prices from RM2.50 to RM6.50, said its owner, Muhammad Razi Muhammad Rafiq. The restaurant, which opened on Oct 10, serves food such as shaved ice, cendol, nasi lemak and curry noodles. > Restaurant workers in Seremban wear superhero costumes while delivering orders as a way to amuse their customers during the conditional movement control order (MCO), Utusan Malaysia reported.Ī photograph accompanying the report showed two workers in Spider-Man and Batman costumes. Her last chemotherapy treatment took place in 2016. The singer, who is well known for the song Kalis Rindu, said her daily routine now includes taking care of her two children Cinta Sumayyah, 10, and 17-month-old Cahaya Ramadhani.Įlyana got married in 2010. “I am taking medication prescribed by the doctor to help increase my appetite, ” she said. The cancer, diagnosed almost 10 years ago, recently spread to her cervix, liver and thigh. SINGER Erneelya Elyana ( pic), popularly known as Elyana, is working towards gaining weight so that she will be strong enough for chemotherapy treatment, Harian Metro reported.Įlyana, 33, has stage four lymphoma cancer.