
TOPHATSEC: FRESHLY CTF

https://www.vulnhub.com/entry/tophatsec-freshly,118/

Run an nmap scan to find open ports.

Run a gobuster enumeration to find hidden directories.

gobuster dir -u http://192.168.18.29 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x txt,php,html

Found a form login page.

Use sqlmap to enumerate the databases and look for more clues.

sqlmap -u 'http://192.168.18.29/login.php' --forms --dbs

Found a database called wordpress8080.

Found the user and password.

Do another gobuster scan on port 8080 and a login page is found.

Login to the site with the credentials found by SQLmap.

Edit the theme page and insert a PHP reverse shell.

Start a netcat listener and you will gain a shell.

Switch the user with the credentials found and root access is gained.
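
From the defender's side, the gobuster and sqlmap steps above leave a clear trail in the web server access log. The following is an added example, not part of the original walkthrough: it flags source IPs by scanner User-Agent, by bursts of 404s, and by repeated POSTs to login.php. The log lines, source IPs, tool version strings and thresholds are constructed for illustration, and counts are taken over the whole excerpt rather than a time window.

```python
import re
from collections import defaultdict

def _line(ip, method, path, status, ua):
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "{ua}"')

BROWSER = "Mozilla/5.0 (X11; Linux x86_64)"
SQLMAP_UA = "sqlmap/1.7#stable (https://sqlmap.org)"
# Constructed Apache combined-format log lines (not captured from the VM).
SAMPLE_LOG = "\n".join(
    [_line("192.168.18.50", "GET", f"/dir{i}.php", 404, "gobuster/3.6") for i in range(5)]
    + [_line("192.168.18.50", "POST", "/login.php", 200, SQLMAP_UA) for _ in range(4)]
    # Scanner with a spoofed browser User-Agent: only the 404 burst gives it away.
    + [_line("192.168.18.90", "GET", f"/x{i}.txt", 404, BROWSER) for i in range(5)]
    + [_line("192.168.18.77", "GET", "/", 200, BROWSER),
       _line("192.168.18.77", "POST", "/login.php", 200, BROWSER),
       _line("192.168.18.77", "GET", "/favicon.ico", 404, BROWSER)]
)

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
SCANNER_UA = re.compile(r"sqlmap|gobuster", re.I)  # default UAs; trivially changed

def analyze(log_text, max_404=3, max_login_posts=3):
    """Return {ip: sorted reasons} for sources that look like scanners."""
    not_found, login_posts = defaultdict(int), defaultdict(int)
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip = m["ip"]
        if SCANNER_UA.search(m["ua"]):
            findings[ip].add("scanner-user-agent")
        if m["status"] == "404":
            not_found[ip] += 1
        if m["method"] == "POST" and m["path"].split("?")[0].endswith("/login.php"):
            login_posts[ip] += 1
    for ip, n in not_found.items():
        if n > max_404:
            findings[ip].add("404-burst")
    for ip, n in login_posts.items():
        if n > max_login_posts:
            findings[ip].add("login-post-burst")
    return {ip: sorted(reasons) for ip, reasons in findings.items()}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

On a real server the thresholds would be much higher and applied per time window; the User-Agent match only catches tools left on their defaults, so the rate checks do the real work.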
