poniedziałek, 7 stycznia 2019

Simple CTF

Below we will check Simple CTF prepared by Robert Winkel. You can find this VM here. So...

...if you want more details, try here:


After a while (and quick nmap scan) you should see that webpage:


Great, software looks new ... ;] so after a quick search:


we should be somewhere here:


To exploit it I used Burp Proxy (but before that I created (registered) new user called 'tester'):


According to the original information we should go the Dashboard to upload our evil file:


So it's time for Burp:


Now our 'payload':



...and we should see a 'green message':

Good. Checking:


Ok, 'there is our file'. Changed to webshell:

Remember to change the PAYLOAD in Metasploit too ;)


Checking:

Hmm.. still no shell ;[ Let's try something easier:


Checking:


Good for a while but after a second(s) shell died...


... so I was looking for something else:


Yeah. ;S

Checking:


So far, so good. Next:

Configs/passwords...?


Very funny... ;7

So, first thought:


But I changed it a bit:


Pretty the same (but still 'not yet' added to venome.sh ;))

Preparing remote-bash ;)


To get our little ELF:


...and we shoud be here:

Checking:


And we are here:


After a while with Google, we should be somewhere here:


Refs:
- VulnHub
- taviso @ seclists

Thanks for a cool VM.

Cheers





Brak komentarzy:

Prześlij komentarz