PwnLab: Init Walkthrough

Welcome.

This is a CTF (Capture The Flag) challenge, but the ultimate goal is to get root access to the VM (Virtual Machine). I am using VMware Workstation Pro 12 and my attacker machine is Parrot OS 3.4.1. I am on a bridged network, so my VM is directly connected to the router. Hope everyone knows how to set up a lab, and if not, please search on Google for how to set up a VM on VMware; there are many tutorials available on the internet. If you want any information or want to download the PwnLab: Init lab. So I just boot up my VMs. Here my IP address for eth0 is 192.168.16.104 and for eth1 is 192.168.16.108.

[Image: 1.png]

Knowing the IP, I start an NMAP scan. The same can be done with NETDISCOVER.

[Images: 2, 3]

We can see the NMAP scan is more detailed, as it also provides us with the port state. As we can see from the 1st image, port 80 is open, which means a site is hosted on it. When I open it in my browser I can see a website hosted on the IP.

[Image: 4.png]

As we can see, there are 3 options, but there is nothing useful in any of the 3 pages, and there isn't anything interesting in the source code either. I also noticed that to upload anything we have to log in first, but as we don't have any login details we will leave it at that. Next I start a more detailed NMAP scan and NIKTO to find something more interesting.

[Images: 5, 6]

The NMAP scan didn't return any interesting results, but I noticed something unusual in the NIKTO scan results, and that is config.php. Opening it in the browser returns a blank page. I was hoping for an LFI vulnerability in the hosted web page, but all my efforts were in vain. So I decided to search the web for ways to bypass the LFI protection and I came across another blog by Aaditya Purani. So I injected the payload and got the following data.

[Image: 7]

It looked like a base64 string, so I quickly decoded it and got the following result.

[Image: 8.png]

Looks like the credentials to some database so I quickly head over to extract the database
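From the defender's side, the file-inclusion attempts described above leave traces in the web server's access log. The following is an added example, not part of the original walkthrough: it scans combined-format log lines for query parameters carrying PHP stream-wrapper schemes, directory traversal or null bytes. The log lines, client addresses and the parameter name `page` are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# PHP stream wrappers that have no business appearing in a request parameter.
WRAPPER = re.compile(r"\b(php|data|expect|phar|zip|file|glob)://", re.I)
TRAVERSAL = re.compile(r"\.\.[/\\]")
# client, method, request target and status from a combined-format log line.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample log (documentation addresses, assumed parameter "page").
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /?page=login HTTP/1.1" 200 512',
    '192.0.2.66 - - [01/Jan/2024:10:00:05 +0000] "GET /?page=php://filter/placeholder HTTP/1.1" 200 1840',
    '192.0.2.66 - - [01/Jan/2024:10:00:09 +0000] "GET /?page=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 300',
]

def classify(value):
    """Return the reasons a parameter value looks like a file-inclusion probe."""
    # Decode repeatedly so double-encoded input (%252e%252e) is seen in clear.
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    reasons = []
    if WRAPPER.search(value):
        reasons.append("stream-wrapper")
    if TRAVERSAL.search(value):
        reasons.append("traversal")
    if "\x00" in value:
        reasons.append("null-byte")
    return reasons

def scan(lines):
    """Return (client, parameter, reasons, status) for every suspicious parameter."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, _method, target, status = m.groups()
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            reasons = classify(value)
            if reasons:
                findings.append((client, name, reasons, int(status)))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 status on a flagged request is the case to triage first, since the server answered the probe instead of rejecting it.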
