Friday 22 July 2016

Kioptrix 5

Hello,
Now it's the turn of the last (unfortunately) Kioptrix challenge.

Scanning

Two open ports? It suits me.
Let's begin our journey at port 80. The default web page is the Apache default page ("It works"), but its source code contains good news for us.

Wow, there is pChart. That's good for us, because it contains multiple vulnerabilities.

OK, let's try to exploit the Directory Traversal vulnerability.

Excellent! Let's try to find the Document Root file for Apache.

What do you think about it? I changed the User-Agent using Burp Suite and on port 8080 I got:

I clicked on it.

Hmmm, I don't know how to exploit it... But after some quick research, we can use Remote Code Execution!
I used the Metasploit Framework and got a limited shell!

So, now it's time to escalate our privileges.

Game over!