Monday, 13 February 2017

DC146:2016 dick dastardly


Now it is the turn of the dick dastardly challenge!

Scanning all ports...

Enumerating web pages

Excellent! The dirb scanner found several interesting files on our target.
admin.php redirects us to index.php.

Very interesting. Filling in the username as admin and the password as ' OR 1=1 -- - we got the following result:

Nice! Now we are able to use sqlmap and try to find valid credentials.

Good, let's enumerate deeper! Unfortunately, we are not able to retrieve the database names, so we have to look for another opportunity to get them.

Excellent! We found a second vulnerable parameter. Let's enumerate the databases.

Very good, let's examine the vulnhub database.
Database: vulnhub
Table: admins
[1 entry]
| id | pass                                 | user   |
| 1  | 1b37y0uc4n76u3557h15p455w0rd,5uck3rz | rasta  |
It is not a valid SSH password for the rasta username :( I don't know what the password is for.
After clicking on add IP to IRC whitelist, I performed the nmap scan again and got a very interesting result.
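Why the ' OR 1=1 -- - login worked and why the dumped pass column was readable, shown next to a hardened form. This is an added example, not code from the target or from the original post. It assumes an in-memory SQLite table standing in for the target's database, with the column names from the dump above; the function names, the admin row and its password are constructed.

```python
import hashlib
import hmac
import os
import sqlite3

PAYLOAD = "' OR 1=1 -- -"  # password value quoted in the walkthrough


def make_db():
    """Constructed in-memory stand-in for the admins table (id, user, pass)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (id INTEGER PRIMARY KEY, user TEXT, pass TEXT)")
    db.execute("CREATE TABLE admins_hashed (user TEXT PRIMARY KEY, salt BLOB, digest BLOB)")
    db.execute("INSERT INTO admins (user, pass) VALUES ('admin', 'constructed-secret')")
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", b"constructed-secret", salt, 200_000)
    db.execute("INSERT INTO admins_hashed VALUES ('admin', ?, ?)", (salt, digest))
    return db


def login_vulnerable(db, user, password):
    # Input is pasted into the SQL text, so a quote in it ends the string
    # literal and the rest is parsed as SQL.
    sql = f"SELECT id FROM admins WHERE user = '{user}' AND pass = '{password}'"
    return db.execute(sql).fetchone() is not None


def login_hardened(db, user, password):
    # Bound parameter: the input is only ever data. The stored value is a
    # salted PBKDF2 digest, so dumping the table does not reveal the password.
    row = db.execute(
        "SELECT salt, digest FROM admins_hashed WHERE user = ?", (user,)
    ).fetchone()
    if row is None:
        return False
    salt, digest = row
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, payload:", login_vulnerable(db, "admin", PAYLOAD))
    print("hardened, payload:  ", login_hardened(db, "admin", PAYLOAD))
    print("hardened, real pw:  ", login_hardened(db, "admin", "constructed-secret"))
```

In the vulnerable query, AND binds tighter than OR, so the WHERE clause reduces to (user match AND empty pass) OR 1=1, which is true for every row.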

Very good! I installed irssi on my attacker machine and I connected to our target IRC.