Hello guys, today I will show you some interesting stuffs . π¨
I am training for CTF competition which will be held by my school . And I decided to play with VulnHub.
Let's get started !
- GATHERING INFORMATION :
+Nmap
Nikto
EXPLOIT
when we access to this IP , a login form appears !
Because I dont have any account , and this form doesnt seems to be vulnerable ( I had tried), I register a random account and login to it .
Welcome!
I try some arbitrary inputs but nothing appears . But when the input field is empty and I click search button , a catalog comes up!
It's a table . So I think about Sqli . and after about 20 minutes fuzzing, that's it !
Here is the result :
' union select 1,2,3#
DATABASE:
After some query , I define the accout maybe useful superadmin:2386acb2cf356944177746fc92523983
After decrypt md5 password , I use this account to login :
This account could upload image to server . After having check the Upload Image mechanism and upload some random extension files , I ensure that the mechanism did not have any restrictions . So , I can easily upload php file to the server !
So , the next aim is privilage escalation to root .
I explore this server about 10 minutes and figure out an interesting file named touchmenot
ππ
So I decide to touch it π