
Run nmap $IP.
As we can see, we have "5" open ports. Let's look at the home page of the website.
[Task 1]
Answer 1 ("No answer needed")
Answer 2 ("web server port")
Answer 3 ("high port")
Home page. A blog is running on it.
We found a blog on the home page. Let's test directories with
"dirsearch" to find any directory on the website.
Find directories with "Dirsearch".
We found 4 valid directories, and when we try to visit them it is the same blog, but we can check whether "robots.txt" exists. Let's test.
See robots file.
In summary, we found 4 directories and one possible password at the beginning
of the page in the robots file, but only the "third directory" is running, where
we can find a login. Let's take a look.
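The robots file finding above, seen from the site owner's side, as an added example that is not part of the original write-up: a small check that flags any robots.txt line that is not a crawler directive and lists the paths the file discloses. The sample file, the placeholder secret and the directory names are constructed.

```python
import re

# Directives commonly used in robots.txt (RFC 9309 plus widespread extensions).
KNOWN_DIRECTIVES = {"user-agent", "allow", "disallow", "sitemap", "crawl-delay", "host"}


def audit_robots(text):
    """Return (stray_lines, disclosed_paths) for a robots.txt body.

    stray_lines: (line_number, content) for lines that are neither comments
    nor known directives. Crawlers ignore them, so this is where leftover
    notes or secrets end up.
    disclosed_paths: paths under Allow/Disallow, readable by anyone.
    """
    stray, paths = [], []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        match = re.match(r"^([A-Za-z-]+)\s*:\s*(.*)$", line)
        if not match or match.group(1).lower() not in KNOWN_DIRECTIVES:
            stray.append((number, line))
            continue
        key, value = match.group(1).lower(), match.group(2).strip()
        if key in ("allow", "disallow") and value not in ("", "/"):
            paths.append(value)
    return stray, paths


# Constructed sample: a stray first line followed by four disallowed directories.
SAMPLE = """\
ExamplePlaceholderSecret!
# crawler rules
User-agent: *
Disallow: /dir-one/
Disallow: /dir-two/
Disallow: /dir-three/
Disallow: /dir-four/
"""

if __name__ == "__main__":
    stray, paths = audit_robots(SAMPLE)
    for number, content in stray:
        print(f"line {number}: not a directive, review for leaked data: {content!r}")
    for path in paths:
        print(f"publicly disclosed path: {path}")
```
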
Let's search for it in the blog of the website.
Find credentials to login.
While navigating the website we saw that a user called "Jane
Doe" has an email with the address "JD@anthem.com", but that user isn't
the administrator. We do have a clue, though: we found a poem for the
administrator of the website, so let's search for some information on Google.
Great, we now know the admin user name. Now let's log in, but before we
do: in the previous image you could see that the user "Jane Doe" has
the email "JD@anthem.com", so we should put the first name and last
name followed by the domain name. Great, as you can see the
credentials are valid! Now go to the remote desktop. As you can see in the
nmap scan, the "highest open port" is the remote desktop port. Log in
with "the abbreviated username" and the password from the "robots file".
Cool! We found the "User flag". Now let's find the administrator's password
and the "root flag".
We should show hidden files, and we'll find a backup directory and a restore
file. When we try to open the "restore" file we receive a message saying that we
do not have privileges on the system. But we can read the file: go to the file, right-click
and then press "Properties", then "Security" and the Edit button. You should
give full control of read and write to the "blog's admin" user, and then we can
read the file. Now we have found the administrator's password, so we can
read, write and execute anything on the system. Go read the "root flag".
Thank you very much for reading this write-up! See you later.
Google information (above).
Find flags in the source code.
Flag 1
Flag 2
Flag 3
Flag 4
User flag.
Administrator's password and root flag.











