Daily Bugle

Tasks:

  1. Deploy:
    1. Deploy machine visit ip address in browser and submit the answer.
    2. Perform nmap scan with nmap -sC -A -T5 ip - website is using joomla
  2. Obtain user and root:
    1. use msfconsole auxilary script to detect joomla version - 3.7.0
    2. Use searchsploit for joomla version - vulnerable to SQLi
    3. Use this public exploit for the CVE - got username,password hash for joomla database.
    4. Hash is bcrypt , crack it with john and rockyou.txt wordlist - spiderman123
    5. login to http://ip/administrator with username and password and upload shell in default templates index.php and get reverse shell.
    6. cat var/www/html/configuration.php , it contains lot of sensitive information, copy the password. cd /home and ls , there is user called jjameson, login as that user with password obtained.
    7. cat /home/jjameson/user.txt and submit user flag.
    8. sudo -l says we can run yum as sudo, search yum exploit in GTFOBins and proceed to obtain root priviledge.
    9. cat /root/root.txt and submit root flag !!!
  3. Credits:
    1. Just click completed

results matching ""

    No results matching ""