First Boot2Root Beginner Quaoar

Hello Folks!
Link to the box :- https://www.vulnhub.com/entry/hackfest2016-quaoar,180/
Rating :- CakeWalk (Best for new CTF/Starters)
Time :- 20-40 mins



Welcome to the first Boot2Root CTF. For those who don't know what Boot2Root is: it's a type of machine where you start at the boot and work your way all the way up to the "Superuser", called "root". So without further delay, let's boot up the box. I am using VirtualBox to run this image, and the box gives out its IP address at boot.

So let's start with the standard recon, an nmap scan, to see if we can get any ports to poke at.
Port 80 is open, so let's fire up the browser and see if it gives us anything to start with on this box.
It says "Click here to know what you need to do". Seems like some prompt to me, so let's check what happens when we click on it.

Ah, right, "Hack the planet". Sure. Next let's check "/robots.txt"; looking at the robots.txt page is a standard step I always follow to see if it gives us any hints.
It points us to /wordpress/, so let's see what's in there.
Bullseye! Let's visit the login page. It's a standard wp-admin page, so let's try the default admin:admin or admin:root combinations to see if we can get in.

So "admin:admin" worked. Let's put up a reverse shell from pentestmonkey. To deploy this shell, go to Appearance > Editor > footer.php, which is where you paste the script from this site: http://pentestmonkey.net/tools/web-shells/php-reverse-shell. Get the TAR and change the IP and port in the script.
Once that's done, start the listener to get the initial shell: "nc -lvnp 1234" lets us listen for the session. footer.php is just the bottom of the page, which is where the line "Warning: Failed to daemonise" shows up. To execute the shell we need to open http://IP/wordpress/; the moment you open it, you get a session inside the box.
Let's look around for the first flag. We find it, and it was pretty straightforward to get.
Moving on to the second flag, let's try looking for config files. I did a locate config and came up with this.
So let's just cat /var/www/wordpress/wp-config.php
Ha! We found new login info, root:rootpassword!. SSH was open, so let's try these credentials over SSH on this box.
The SSH credentials work, and we found the second flag. Pretty simple!
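Seen from the admin's side, the chain above (dashboard editor writing PHP, WordPress connecting to the database as root, root allowed in over SSH) can be caught with a small config audit. This is an added example, not part of the original walkthrough; the function names and the sample config text are made up for illustration, and it assumes you pass in the contents of wp-config.php and sshd_config.

```python
import re

# define('NAME', 'value') or define('NAME', true) as written in wp-config.php
DEFINE_RE = re.compile(
    r"""define\(\s*['"](\w+)['"]\s*,\s*(?:'([^']*)'|"([^"]*)"|(\w+))\s*\)""", re.I)

def wp_defines(text):
    """Return {constant: value} from wp-config.php text, ignoring comments."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)           # block comments
    text = re.sub(r"^\s*(?://|#).*$", "", text, flags=re.M)     # full-line comments
    return {n: (sq or dq or bare) for n, sq, dq, bare in DEFINE_RE.findall(text)}

def sshd_option(text, keyword):
    """Return the global value of a keyword (sshd uses the first match it reads)."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0].lower() == "match":
            break                                   # stop at conditional blocks
        if len(parts) >= 2 and parts[0].lower() == keyword.lower():
            return parts[1].lower()
    return None                                     # unset: default depends on OpenSSH version

def audit(wp_config_text, sshd_config_text):
    """List the misconfigurations that made the chain in this walkthrough possible."""
    cfg, findings = wp_defines(wp_config_text), []
    if cfg.get("DB_USER", "").lower() == "root":
        findings.append("DB_USER is root: use a dedicated low-privilege database account")
    if cfg.get("DISALLOW_FILE_EDIT", "false").lower() != "true":
        findings.append("DISALLOW_FILE_EDIT is not true: dashboard editor can modify theme PHP")
    if sshd_option(sshd_config_text, "PermitRootLogin") == "yes":
        findings.append("PermitRootLogin yes: direct root SSH login is allowed")
    return findings

# Constructed sample inputs (not copied from the box)
WEAK_WP = """<?php
/* define('DISALLOW_FILE_EDIT', true); */
define('DB_USER', 'root');
define('DB_PASSWORD', 'PLACEHOLDER');
"""
HARD_WP = """<?php
define( 'DB_USER', "wp_app" );
define('DISALLOW_FILE_EDIT', true);
"""
WEAK_SSHD = "Port 22\nPermitRootLogin yes\n"
HARD_SSHD = "#PermitRootLogin yes\nPermitRootLogin no\n"

if __name__ == "__main__":
    for finding in audit(WEAK_WP, WEAK_SSHD):
        print("[!]", finding)
```

The audit does not cover the default admin:admin dashboard login or the reuse of the database password for a system account; those need a password policy, not a config check.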


I didn't bother looking for the post-exploitation flag since we already own the box. So this is how a very basic "CTF" looks. Feel free to ask questions and suggest boxes/topics.

Thank You! 



Comments

  1. Just started reading your blogs very well written. Keep up the good work :)
