Last weekend I had the pleasure of checking out a few more CTFs hosted by VulnHub. This time we will check out "Quaoar". Big thanks this time go to @ViperBlackSkull, who prepared the game. Let's play...
As you can see on the description page here, Quaoar is only one game from the whole series called "hackfest2016". (I think you will check all of them anyway ;) ) So... Here we are:
While the 'initial scan' was in progress in the console window, I tried to see something more on the web... and I found this:
In the meantime I found that there is one more interesting directory:
I must say I was very surprised when I saw which password was 'the good one' to become admin...
So - from that step:
...there was one more step to a webshell ;)
Cool. I edited another file - index.php :)
And now, we should be somewhere here:
Let's try to beautify our shell:
So hm.. what to do next... :> Maybe I should try to find some SUID files... but I decided first to grab some files with content related to (grep) -i password (passwd, pwd=, etc., etc...).
After a while I realized that maybe I would find some configs in the webroot ;] Check it out:
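The two hunts above (a case-insensitive grep for password-like keys, then a look at the config files in the webroot) are exactly what an administrator should run against their own server before an attacker does. The script below is an added example, not code from the original post or from the Quaoar VM: it audits a directory tree for config-style files that assign credential-looking keys and reports only `file:line:key`, keeping the value out of the report. The sample webroot it builds (`wp-config.php`, `config/app.ini`, `.env`, `login.php` with constructed contents) and the function names `make_sample_webroot` and `find_plaintext_creds` are my own constructions.

```shell
#!/bin/sh
# Added example (not from the original post): audit a webroot for plaintext
# credentials the way the walkthrough does with "grep -i password", but from the
# defender's side and with values masked in the output.

# Key names that usually carry a secret; case-insensitive via grep -i.
cred_keys='password|passwd|pwd|secret|api[_-]?key'
# Assignment shapes: KEY = v, KEY: v, KEY => v, and PHP define('KEY', 'v').
cred_pat="(${cred_keys})[A-Za-z0-9_]*['\"]?[[:space:]]*(=>|[=:,])[[:space:]]*['\"]?[^'\"[:space:];]+"

# Print "path:line:key" for every credential-looking assignment under $1.
# Only config-like extensions are searched; the secret value is never echoed.
find_plaintext_creds() {
    dir="$1"
    find "$dir" -type f \( -name '.env' -o -name '*.env' -o -name '*.php' \
        -o -name '*.conf' -o -name '*.ini' -o -name '*.cfg' \
        -o -name '*.yml' -o -name '*.yaml' \) -print 2>/dev/null | sort |
    while IFS= read -r f; do
        grep -n -i -E "$cred_pat" "$f" | while IFS= read -r hit; do
            lineno=${hit%%:*}
            rest=${hit#*:}
            # Extract just the key name (e.g. DB_PASSWORD); drop the value.
            key=$(printf '%s\n' "$rest" |
                  grep -o -i -E "[A-Za-z0-9_]*(${cred_keys})[A-Za-z0-9_]*" |
                  head -n 1)
            printf '%s:%s:%s\n' "$f" "$lineno" "$key"
        done
    done
}

# Build a constructed sample webroot in a temp dir and print its path.
# Three files carry a plaintext credential; login.php only hashes one.
make_sample_webroot() {
    root=$(mktemp -d)
    mkdir "$root/config"
    cat > "$root/wp-config.php" <<'EOF'
<?php
define('DB_NAME', 'wordpress');
define('DB_USER', 'root');
define('DB_PASSWORD', 'constructed-sample-pw');
EOF
    cat > "$root/config/app.ini" <<'EOF'
[database]
host = localhost
passwd = constructed-sample-pw
EOF
    cat > "$root/.env" <<'EOF'
APP_ENV=production
API_KEY=constructed-sample-key
EOF
    cat > "$root/login.php" <<'EOF'
<?php
// Stores only a hash: no plaintext assignment, so the audit must stay quiet here.
$hash = password_hash($_POST['pw'], PASSWORD_DEFAULT);
EOF
    printf '%s\n' "$root"
}

# Stand-alone demo: audit the constructed tree, then remove it.
demo_root=$(make_sample_webroot)
find_plaintext_creds "$demo_root"
rm -rf "$demo_root"
```

Run it against a real tree with `find_plaintext_creds /var/www` after sourcing the file. The pattern deliberately errs toward reporting (a line such as `$pwd = getenv('PW')` will show up as a hit), because the cost of a false positive is one glance at the file, while a missed `wp-config.php` is the whole box. Every reported line is a candidate for moving the secret into an environment variable or a file outside the webroot with restrictive permissions.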
Got it ;] Any flag there?
I think that to solve the box I used the easiest way (because of the ports open there), so I will check this machine (and the others from the hackfest2016 series) and try to solve it again without WordPress this time ;)
Big thanks go again to @ViperBlackSkull for preparing this CTF.
Also big thanks go to VulnHub for sharing such games.