Quaoar is a boot2root virtual machine that is available at Vulnhub. This box was created for the Hackfest 2016 CTF.
There are 2 flags on this machine
1. Get a shell
2. Then elevate again to become root
1. Get a shell
2. Then elevate again to become root
Lets begin by Identifying the IP address of machine
With our host we can now perform an NMAP scan to discover any interesting ports:
Several ports are open let’s try port 80 first which is a web application.
To enumerate the directories lets fire up nikto.
From the result its clear that this is a wordpress website.
Therefore, we can fire up up WPScan and enumerate usernames for admin as follows:
At this point I decided to use admin as the password for admin user and I was lucky to login to the word-press site:
Since we are in the dashboard, we can develop a plugin which can initiate a reverse connection to our netcat listener as follows:
Remember to put the payload in plugin format.Plugins must have a header and must be in zip format.
We can now activate this payloads(plugin) and listen for reverse connection using netcat as follows:
After directory lookup I managed to find the first flag in /home directories .
With user www-data ,we can access the wp-config file which contains mysql credentials. What is more interesting is the fact that these credentials are to login as the root user.
Now we can try to login to the root account by just switching our user (SU) as follows:
Now we are sited in root directory.Remember the instruction for the challenge was to read a flag that was located in root directory.
Now we have the final flag
0 comments:
Post a Comment