niedziela, 30 grudnia 2018

Typhoon CTF

This time I tried one of the latest CTF available on VulnHub, called Typhoon. Below you will find few notes about it. Here we go...
When you will get your VM we should be somewhere here:



After quick nmap scan we should see few open ports ready to check:


I decided to start from Redis:


Few more steps to check:





So we are here:


I tried to prepare files for ssh fo upload:


 In the mean time I scanned webroot for possible files/dirs to check (using gobuster):


When I saw PMA and Drupal I decided to check them both:


In the mean time I also tried robots.txt:


When I was ready for MSF to load Drupalgeddon poc I decide to try few default passwords for PMA login panel... after a very few... I was logged-in :)

I was wondering if this is time for my super-pma-poc so I grabbed some passwords available inside DBs:


Checking:


No luck, so I moved on to next links/results. Now we landed here:


I decided to check it later (and grab some more passwords):

...and in the mean time, Drupalgedddon2-shell was ready for me:


First guess was to look for more passwords and to look around:

 I tried few shells (and perms from different 'uploads': from redis, creating it via SQL, etc...):

I was wondering if I should use raptor-magic like during the Kvasir CTF. But we are here:
 

More enumeration...

Mentioned access to DB ('perms', for example creating files):


And now we should be here, checking perms for DB (still trying to run raptor ;))


More enum in the mean time and we got a flag:


Checking redis with nmap's scripts:


Checking perms of files created during redis-attacks:


Cracking passwords from PMA (just in case to use it later):


So I decided it's time for some rebel :


Compiling the source on Kali, sharing compiled file via HTTP with target-VM and:

 ... we are here:



Cool :)


Big thanks goes to PrismaCSI for preparing this CTF. Also big thanks goes to the VulnHub Team for sharing all of those VMs.

See you next time.

Cheers

Brak komentarzy:

Prześlij komentarz