This VM has three keys hidden in different locations. Each key is progressively difficult to find. There isn't any advanced exploitation or reverse engineering.

1. The level is considered beginner-intermediate.

2. Robot VM from the above link and provision it as a VM. First, we need to identify the IP of this machine. Let's use netdiscover to identify the same. Now that we know the IP, let's start with enumeration.

4. Below are the nmap results of the top 1000 ports.

5. Since we can see port 80 is open, the first thing I always do before running tools such as nikto or gobuster is to look for known pages such as robots.txt. As we can see below, we have a hit for robots.txt.

6. We got one of the keys! (Remember, the goal is to find three keys.) As we noticed from the robots.txt file, there is also a file called fsocity.dic, which looks to be a dictionary file. We download it, remove the duplicates and create a. So at this point, we have one of the three keys and a possible dictionary file (which can again be a list of usernames or passwords; we do not know yet), but we do not know where to test these.

9. So I run back to nikto to see if it can reveal more information for me. We can see this is a WordPress site and has a login page enumerated.

10. Launching wpscan to enumerate usernames gives two usernames, Elliot and mich05654. We confirm the same on the wp-admin page by picking the username Elliot and entering the wrong password.

11. WordPress then reveals that the username Elliot does exist. Now at this point, we have a username and a dictionary file. So let's pass that to wpscan and let's see if we can get a hit.

13. I wanted to test for other users as well, but first I wanted to see what level of access Elliot has. Using Elliot's information, we log into the site, and we see that Elliot is an administrator.

14. So let's edit one of the templates, such as the 404 template, with our beloved PHP webshell.

15. Below we can see that we have inserted our PHP webshell into the 404 template. Before we trigger the above template, we'll set up a listener.

16. Below we can see that we have got the shell back. Sticking to the goal and following the same pattern of key files, we ran a quick check across the file system with a command like `find / -name key-2-of-3.txt`.

18. However, in the current user directory we have a password-raw md5 file.

20. Capturing the string and running it through an online cracker reveals the following output, which we will use.

21. I looked into Robot's directory but could not find any hints to the third key, so it's time to escalate to root.
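The dictionary run against the WordPress login and the later edit of the 404 template both leave a trail in the web server's access log. The following detection sketch is an added example, not part of the original walkthrough. It assumes Apache combined log format, that a failed `wp-login.php` POST returns 200 and a successful one returns 302, and that the theme editor posts to `/wp-admin/theme-editor.php` (as in older WordPress releases); the log lines, IP addresses and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def _line(ip, sec, method, path, status):
    # Build one constructed log line in Apache combined format.
    return (f'{ip} - - [01/Jan/2024:10:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 1024 "-" "-"')

# Constructed sample: 30 failed logins, a success, a theme edit, then a 404 hit,
# plus an ordinary user who mistypes a password once.
SAMPLE_LOG = (
    [_line("192.0.2.10", s, "POST", "/wp-login.php", 200) for s in range(30)]
    + [_line("192.0.2.10", 30, "POST", "/wp-login.php", 302),
       _line("192.0.2.10", 40, "POST", "/wp-admin/theme-editor.php", 302),
       _line("192.0.2.10", 50, "GET", "/no-such-page", 404),
       _line("198.51.100.7", 5, "POST", "/wp-login.php", 200),
       _line("198.51.100.7", 9, "POST", "/wp-login.php", 302)]
)

def analyze(lines, fail_threshold=20):
    """Return {ip: [findings]} for login guessing followed by a template edit."""
    fails = defaultdict(int)       # consecutive failed logins per source IP
    findings = defaultdict(list)
    for raw in lines:
        m = LINE_RE.match(raw)
        if not m or m["method"] != "POST":
            continue               # unparseable lines and non-POSTs are ignored
        ip, status = m["ip"], int(m["status"])
        path = m["path"].split("?", 1)[0]
        if path == "/wp-login.php" and status == 200:
            fails[ip] += 1         # assumption: 200 means the form was re-rendered
            if fails[ip] == fail_threshold:
                findings[ip].append("password-guessing")
        elif path == "/wp-login.php" and status == 302:
            if fails[ip] >= fail_threshold:
                findings[ip].append("login-after-guessing")
            fails[ip] = 0          # a success ends the run of failures
        elif path == "/wp-admin/theme-editor.php":
            findings[ip].append("theme-file-edit")
    return dict(findings)

if __name__ == "__main__":
    for ip, events in analyze(SAMPLE_LOG).items():
        print(ip, events)
```

A source that shows all three findings in sequence warrants a diff of the theme's PHP files against a known-good copy.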