Difference between revisions of "W1R3S: 1.0.1 ~ VulnHub - CTF Walkthrough"
m (→Enumeration) |
m (→Enumeration) |
||
Line 42: | Line 42: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
− | A quick checked of '''WordPress''' with '''wp-scan''' did not reveal anything interesting. Gut feel tells me to put that aside and move to '''CUPPA''' older versions of which, according to google, come with a '''LFI''' vulnerability. | + | A quick checked of '''WordPress''' with '''wp-scan''' did not reveal anything interesting. Gut feel tells me to put that aside and move to '''CUPPA''' older versions of which, according to google, come with a '''LFI''' vulnerability. |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
=== Exploitation === | === Exploitation === |
Revision as of 17:32, 20 June 2018
Contents
Objective
xxxxxxxxxxxxxxxxxxxxx
Source: [xxxxxx]
Status: [Completed]
Methodology
Discovery
root@blaksec:/ # export TANGO=192.168.56.101
root@kali:~/Desktop/w1r3s# nmap -O -sT -sV -p- -T5 192.168.56.101
Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-26 19:01 EDT
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Nmap scan report for 192.168.56.101
Host is up (0.00093s latency).
Not shown: 55528 filtered ports, 10003 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 2.0.8 or later
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.4 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
3306/tcp open mysql MySQL (unauthorized)
MAC Address: 08:00:27:CB:EE:8B (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.10 - 4.8
Network Distance: 1 hop
Service Info: Host: W1R3S.inc; OS: Linux; CPE: cpe:/o:linux:linux_kernel
Entry Point #1 - Port 80 (HTTP)
Enumeration
A quick scan with dirb came back with two directories wordpress and administrator. The former runs the obvious - Word Press, the latter - CUPPA CMS
WordPress is configured to run under localhost so we need to update /etc/hosts
192.168.56.101 localhost
A quick checked of WordPress with wp-scan did not reveal anything interesting. Gut feel tells me to put that aside and move to CUPPA older versions of which, according to google, come with a LFI vulnerability.
Exploitation
xxx xxx xxx
xxx
xxx
xxx
xxx
xxx
Final Notes
xxx
Appendix A: Vulnerability Detail and Mitigation
Rating | High |
Description | xxxx |
Impact | xxxxxxxxxxxxxxxxxxxxxxxxxxxx |
Remediation | xxxxxxxxxxxxxxxxx |