sobota, 3 marca 2018

Droopy CTF

In the middle of the other games available at VulnHub I found the new one I decided to try. This time we will work with Droopy CTF provided by knightmare (thanks!). Here we go...

When machine was ready I started (as usual) to scan the target. "Accidently" I did not type su to go to root on my Kali but I typed us instead of... and this is how I found the unicorn scanner installed on Kali ;] (so below you will find 'us' - not nmap). Check it out:


There is only one (tcp) port open on the target machine - www (80/tcp), so my guess was to open IP address in the browser (as you can see - there is Drupal CMS installed).

I decided to 'check' the version (by looking at the source of the main page):

"Drupal 7" in the comments is 'cool enough' to check the target against the famous exploit called Drupalgeddon (more about the bug you will find here or here). We will use the code (from the last link, Metasploit) to try to get a shell on remote box. This is how I did it:

Good! We're in. ;]

I like to learn a little bit about the hacked machine, so I decided to check some files available on the box... Just to look around ;]

Cheking deeper...

...maybe some config(s) now:


Nice. Checking...


(Not-so-cool-output like during the Kvasir CTF but we will handle it;])

...like this:


Cool :] Let's check dave.tc file now... (I copied it to /var/www/html to download it to my KaliLinux)

Ready to go:


Unfortunately I couldn't find the password, so I decided to go back to checking filesystem...


hm. does it look like a hint from Dave? Let's try to check it:


(... after ~30 minutes without any results I decided to use the hint from Dave...)

Get 11-long-words/passwords only + grep them for '?cadem?'... Right?


So we are here:


Good! Checking:


Ok, file was mounted but I still couldn't access the data on it ('would you like to format the disk?' - no). So I tried to find a solution to extract the content of the dave.tc file...

After a while... I found an interesting link and now I was able to check the dave.tc again:


[:

Checking:

And there it is! The flag!


It was very nice CTF, I really enjoyed it. :] Big thanks goes to the author (as well to the VulnHub for hosting all of those cool resources).

Cheers

o/

Brak komentarzy:

Prześlij komentarz