Let's start from the beginning...
"Welcome" message after the VM started:
We've got an IP address so it's time to scan the target machine (to do that I'll use nmap):
We can see some cool TCP ports open:
Let's skip ssh on 23/tcp for now ;] We will check WWW - port 8080:
(FYI: the webpage on port 80/tcp looks pretty similar.) I decided to run dirb from Kali Linux to check if there are any other available 'resources'. A few results below:
Nice. So let's check those dirs (but using the browser this time):
Ok, nice. Next directory was '/dev/'. Checking...
Very nice, info (usernames) disclosure + 'web-shell' ]8] but how can I use it?
Maybe later...
Let's see the source:
"It's not like a hacker can do anything with a hash" ;[
Good I'm not a hacker ;D
More:
Checking...
"So what's next dude...?"
And we are here:
So let's try the 'web-shell' now:
A few quick tests with Burp:
After a while I decided to check if there are any other 'possibilities' to execute the (my) code somehow.
I used one idea from some other CTFs:
Pretty simple :>
Anyway...
As we have RCE... "How many of you remember The House of Pain?" ;]
Checking...
Ok, file should be on remote box:
Let's run it (via php interpreter):
Not working... "Maybe there is another way?"
"Sure. Always."
Cool. So now we're in. Quick overview:
Home in the /home (dir)?
Checking the note-file:
Ok. What is the app (any privesc bug or what...)? First file overview and...
Can you see? ;]
Checking...
Machine should be finished now so let's grab the flag to verify:
This was a pretty cool CTF :] Not as hard as I thought at the beginning, but it's worth playing.
Big thanks goes this time to:
- Nick Frichette - the author
as well as to the:
- VulnHub - for sharing this nice VM!
In case of any questions/comments/feedback - you know how to find me.
Cheers.