In the middle of the other games available at VulnHub I found the new one I decided to try. This time we will work with Droopy CTF provided by knightmare (thanks!). Here we go...
When machine was ready I started (as usual) to scan the target. "Accidently" I did not type su to go to root on my Kali but I typed us instead of... and this is how I found the unicorn scanner installed on Kali ;] (so below you will find 'us' - not nmap). Check it out:
There is only one (tcp) port open on the target machine - www (80/tcp), so my guess was to open IP address in the browser (as you can see - there is Drupal CMS installed).
I decided to 'check' the version (by looking at the source of the main page):
Drupalgeddon (more about the bug you will find here or here). We will use the code (from the last link, Metasploit) to try to get a shell on remote box. This is how I did it:
I like to learn a little bit about the hacked machine, so I decided to check some files available on the box... Just to look around ;]
(Not-so-cool-output like during the Kvasir CTF but we will handle it;])
Cool :] Let's check dave.tc file now... (I copied it to /var/www/html to download it to my KaliLinux)
Unfortunately I couldn't find the password, so I decided to go back to checking filesystem...
hm. does it look like a hint from Dave? Let's try to check it:
(... after ~30 minutes without any results I decided to use the hint from Dave...)
Get 11-long-words/passwords only + grep them for '?cadem?'... Right?
So we are here:
Ok, file was mounted but I still couldn't access the data on it ('would you like to format the disk?' - no). So I tried to find a solution to extract the content of the dave.tc file...
After a while... I found an interesting link and now I was able to check the dave.tc again:
It was very nice CTF, I really enjoyed it. :] Big thanks goes to the author (as well to the VulnHub for hosting all of those cool resources).