Simple CTF

Below we will check Simple CTF prepared by Robert Winkel. You can find this VM here. So...

...if you want more details, try here:

After a while (and quick nmap scan) you should see that webpage:

Great, software looks new ... ;] so after a quick search:

we should be somewhere here:

To exploit it I used Burp Proxy (but before that I created (registered) new user called 'tester'):

According to the original information we should go the Dashboard to upload our evil file:

So it's time for Burp:

Now our 'payload':

...and we should see a 'green message':

Good. Checking:

Ok, 'there is our file'. Changed to webshell:

Remember to change the PAYLOAD in Metasploit too ;)

Checking:

Hmm.. still no shell ;[ Let's try something easier:

Checking:

Good for a while but after a second(s) shell died...

... so I was looking for something else:

Yeah. ;S

Checking:

So far, so good. Next:

Configs/passwords...?

Very funny... ;7

So, first thought:

But I changed it a bit:

Pretty the same (but still 'not yet' added to venome.sh ;))

Preparing remote-bash ;)

To get our little ELF:

...and we shoud be here:

Checking:

And we are here:

After a while with Google, we should be somewhere here:

Refs:
- VulnHub
- taviso @ seclists

Thanks for a cool VM.

Cheers