Wednesday, 26 August 2020

[VulnHub] HACKME 1 LAB WRITE UP

Hello guys, today I will show you some interesting stuff. 👨

I am training for a CTF competition that my school will be holding, and I decided to play with VulnHub.

Let's get started!

- GATHERING INFORMATION:

+ Nmap



+ Nikto

EXPLOIT

When we access this IP, a login form appears!


Because I don't have any account, and this form doesn't seem to be vulnerable (I tried), I register a random account and log in with it.

 

Welcome!

I try some arbitrary inputs but nothing appears. But when the input field is empty and I click the search button, a catalog comes up!

It's a table, so I think about SQLi. After about 20 minutes of fuzzing, that's it!

Here is the result:

' union select 1,2,3#
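To show why the search field behaves this way, here is an added example (not code from the lab or from the original post) that rebuilds a small catalog in SQLite and runs the same search two ways: once by gluing the term into the SQL string, the way the vulnerable form does, and once with a parameterised query. The table, its rows and the function names are constructed for this demonstration. One difference from the lab: SQLite has no `#` line comment, so the payload below ends the statement with `-- ` instead of the MySQL-style `#` used above.

```python
import sqlite3

# Constructed sample catalog, standing in for the lab's book table
# (assumption: three columns, matching the three-column UNION above).
SAMPLE_ROWS = [
    (1, "Hacking: The Art of Exploitation", "Jon Erickson"),
    (2, "The Web Application Hacker's Handbook", "Dafydd Stuttard"),
    (3, "Practical Malware Analysis", "Michael Sikorski"),
]

# SQLite spelling of the page's payload: '#' is a MySQL comment marker,
# SQLite comments run from '--' to end of line.
PAYLOAD = "' union select 1,2,3-- "


def make_db():
    """Build an in-memory catalog so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE books (id INTEGER, title TEXT, author TEXT)")
    conn.executemany("INSERT INTO books VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def search_vulnerable(conn, term):
    """String concatenation: the user's text becomes part of the SQL grammar.

    An empty term yields LIKE '%', which dumps the whole catalog (the
    behaviour the write-up noticed), and a quote in the term lets the
    caller close the string literal and append a UNION."""
    sql = "SELECT id, title, author FROM books WHERE title LIKE '%" + term + "%'"
    return conn.execute(sql).fetchall()


def search_safe(conn, term):
    """Parameterised query: the driver sends the term as data, never as SQL.

    The same payload is now just an odd substring that matches no title."""
    sql = "SELECT id, title, author FROM books WHERE title LIKE ?"
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable:", search_vulnerable(conn, PAYLOAD))  # catalog + (1, 2, 3)
    print("safe:      ", search_safe(conn, PAYLOAD))        # []
```

In the vulnerable version the UNION row `(1, 2, 3)` comes back alongside the real books, which is exactly the marker row the write-up used to confirm the column count; the parameterised version returns nothing for the same input, and still returns the full catalog for an empty search, because that part of the behaviour is the query's own logic rather than the injection.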
  

DATABASE:

After some queries, I find an account that may be useful: superadmin:2386acb2cf356944177746fc92523983

After cracking the MD5 password hash, I use this account to log in:



This account can upload images to the server. After checking the Upload Image mechanism and uploading files with some random extensions, I confirm that it has no restrictions at all. So I can easily upload a PHP file to the server!
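The upload feature above accepts anything, which is what turns an image gallery into code execution. As an added example (my own code, not part of the lab or the original post), here is the server-side check such a feature should have performed: an extension allowlist judged on the real last suffix, a magic-bytes check so a PHP file renamed to .png is still rejected, a size cap, and a random server-side name so the client never chooses the path. The signatures, limits and function names are assumptions for this demonstration.

```python
import os
import secrets

# Leading bytes of the image formats a gallery should accept
# (assumption: the feature is meant for images, as its "Upload Image" label says).
IMAGE_SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif"}
MAX_BYTES = 2 * 1024 * 1024  # constructed limit for the example


class UploadRejected(ValueError):
    """Raised when an upload fails any of the checks below."""


def check_upload(filename, data):
    """Return the name to store the file under, or raise UploadRejected.

    Order matters: cheap checks (size, extension) run before content checks,
    and the client-supplied name is never reused for storage."""
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")

    # Strip any directory part, then judge the *last* extension in lower case,
    # so "shell.php.PNG", "SHELL.PHP" and "../x.jpg" are all classified by
    # their real suffix rather than by whatever the client typed.
    base = os.path.basename(filename)
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected("extension not allowed: %r" % ext)

    # The extension only says what the client claims; the bytes say what it is.
    kind = "jpg" if ext == "jpeg" else ext
    if not data.startswith(IMAGE_SIGNATURES[kind]):
        raise UploadRejected("content does not match a %s image" % kind)

    # A random name defeats path tricks and makes the stored file unguessable;
    # in a real deployment the directory would also sit outside the web root
    # and be served with script execution disabled.
    return secrets.token_hex(16) + "." + kind


if __name__ == "__main__":
    png = IMAGE_SIGNATURES["png"] + b"\x00" * 16  # constructed minimal PNG header
    print("stored as:", check_upload("holiday.PNG", png))
    for name, blob in [("shell.php", b"<?php echo 1; ?>"),
                       ("shell.png", b"<?php echo 1; ?>")]:
        try:
            check_upload(name, blob)
        except UploadRejected as why:
            print("rejected %s: %s" % (name, why))
```

Note that the magic-bytes check is what catches the second case: the extension is fine but the content is PHP source, so the file is refused before it ever reaches disk.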


So the next aim is privilege escalation to root.

I explore this server for about 10 minutes and find an interesting file named touchmenot.

👀👌

So I decide to touch it 😆


GET ROOT!

Happy Hacking!




