sobota, 21 maja 2016

Pentester Lab CTF - Web For Pentester

Another cool VM from Pentester Lab called "Web For Pentester". Just like before, you can find the ISO on vulnhub.com. Let's find out what we can do with this one. Prepare VM and let's get to work.

As always, let's scan it first to see if there is an interesting service(s) running:




Ok, now we know that there is a WWW, so probably there will be some interesting webapp to exploit...


Ok, cool. There is a lot of fun as we can see. Let's check the most interesting (and IHMO) the fastest way(s) to get inside this box - code injections:


Simple bypass with ";" character. Nice. Let's exploit it a little bit more:


Ok, it's working. Let's do more:

Ok, so looks like for this excercise - it's over. To get more fun you can try to expoit SQL injection vulnerabilities here as well:
More passwords? Cool, maybe we will use in future attacks. ;)

Brak komentarzy:

Prześlij komentarz