Saturday, 23 March 2019

LazySysAdmin CTF

This time I tried to solve a CTF called LazySysAdmin, prepared by @TogieMcdogie. You can find it here thanks to VulnHub. Here we go...
When your VM is ready:


we can start with a quick nmap scan:


Checking dirs on remote HTTP:


OK, so for now we should have at least 3 places to 'try to log in': /wordpress/, /phpmyadmin/ and SSH. Next in the nmap log file is port 139/tcp. Checking:


Good, let's try to connect:


Looks promising, checking wp-config.php:


Now I was able to log in to the WordPress panel. After a while I tried another file available over SMB, deets.txt:

Uh. Checking:

:) should be fun:

Quick check for vi:




So we should be here:


See you next time!

Cheers
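
The SMB step above, where wp-config.php was readable over the share, can be checked from the server side. This is an added example, not part of the original post: it assumes the share allowed guest access (the post does not show the Samba configuration), and the share names, paths and credentials in the sample are constructed.

```python
import configparser
import re
import tempfile
from pathlib import Path

# define('DB_USER', '...') / define('DB_PASSWORD', '...') lines in wp-config.php
DEFINE_RE = re.compile(
    r"define\(\s*['\"](DB_(?:USER|PASSWORD))['\"]\s*,\s*['\"]([^'\"]*)['\"]")

def guest_shares(smb_conf_text):
    """Return {share: path} for shares with "guest ok" (or its synonym "public")."""
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   delimiters=("=",), comment_prefixes=("#", ";"))
    # smb.conf is usually indented; strip so lines are not read as continuations
    cp.read_string("\n".join(l.strip() for l in smb_conf_text.splitlines()))
    shares = {}
    for name in cp.sections():
        sec = cp[name]
        guest = sec.get("guest ok", sec.get("public", "no")).strip().lower()
        if name.lower() != "global" and guest in ("yes", "true", "1") and "path" in sec:
            shares[name] = sec["path"].strip()
    return shares

def exposed_wp_secrets(smb_conf_text):
    """List (share, file, constant) for non-empty DB credentials guests can read."""
    findings = []
    for share, path in guest_shares(smb_conf_text).items():
        for cfg in sorted(Path(path).rglob("wp-config.php")):
            for const, value in DEFINE_RE.findall(cfg.read_text(errors="replace")):
                if value:
                    findings.append((share, cfg.relative_to(path).as_posix(), const))
    return findings

def demo():
    """Constructed sample: a guest share mapped onto a web root (all values made up)."""
    with tempfile.TemporaryDirectory() as root:
        wp = Path(root, "wordpress")
        wp.mkdir()
        (wp / "wp-config.php").write_text(
            "<?php\ndefine('DB_USER', 'example_user');\n"
            "define('DB_PASSWORD', 'example-not-real');\n")
        conf = (f"[global]\n   map to guest = bad user\n"
                f"[webroot]\n   path = {root}\n   guest ok = yes\n"
                f"[private]\n   path = {root}\n   guest ok = no\n")
        return exposed_wp_secrets(conf)

if __name__ == "__main__":
    for finding in demo():
        print("guest-readable credential:", finding)
```

Only the constant names are reported, never the values, so the output can go into a ticket or log without copying the secret again.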


