«

»

Mar 16

hackfest2016: Quaoar CTF WriteUp

I decided to solve the Quaoar VM immediately. Thanks to Viper very much.

Ip address and reconnaissance section no really necessary…

 

 

 

 

 

 

 

 

After I know the IP address I made a nmap scan:

 

 

 

 

Nmap detected the open ports:

 

 

 

 

 

After I entered the website and started what i’m against with:

 

 

 

 

 

I used dirbuster the understand which directories are listable and vulnerable:

 

I found wordpress is vulnerable. After i entered http://192.168.60.204/wordpress/wp-admin directory credentials worked. Bingo!

 

admin

admin

 

After I logged in as admin. I decided to install a webshell from editor section:

 

 

 

 

 

 

I uploaded PHP SHell from github:
https://github.com/b374k/b374k

I created the shell with this command below:
php -f index.php — -o myShell.php -p 1453 -s -b -z gzcompress -c 9

I uploaded the shell and found root database credentials from wp-config.php file:

 

 

 

 

 

 

 

 

After all of this challenge I logged into Quaoar from ssh and found the flags:

 

 

 

 

 

 

 

Bir Cevap Yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Şu HTML etiketlerini ve özelliklerini kullanabilirsiniz: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>