I decided to solve the Quaoar VM immediately. Thanks to Viper very much.
Ip address and reconnaissance section no really necessary…
After I know the IP address I made a nmap scan:
Nmap detected the open ports:
After I entered the website and started what i’m against with:
I used dirbuster the understand which directories are listable and vulnerable:
I found wordpress is vulnerable. After i entered http://192.168.60.204/wordpress/wp-admin directory credentials worked. Bingo!
admin
admin
After I logged in as admin. I decided to install a webshell from editor section:
I uploaded PHP SHell from github:
https://github.com/b374k/b374k
I created the shell with this command below:
php -f index.php — -o myShell.php -p 1453 -s -b -z gzcompress -c 9
I uploaded the shell and found root database credentials from wp-config.php file:
After all of this challenge I logged into Quaoar from ssh and found the flags:
