Quaoar Walkthrough
Hi Guys,
So I thought of solving a machine and found Quaoar with the difficulty level of 'easy'.
I started the machine and found the IP Address to be 192.168.1.3 .
There was a link that said click here I clicked on the link and was redirected to a image Hack_The_Planet.jpg.
I thought of visiting robots.txt and to my luck there was one.
As soon as I got knew the login and password correct I ran Yertle a very useful tool I came across for WordPress Exploitation.
Thanks @kitploit for the tool WPForce.
I immediately ran nmap on the IP and found the many open ports.
I saw that port 80 was open so I visited the IP Address on my browser.
There was a link that said click here I clicked on the link and was redirected to a image Hack_The_Planet.jpg.
I thought of visiting robots.txt and to my luck there was one.
I saw WordPress is allowed to I visited the link allowed and found wordpress being installed.
My first instance was to look for readme.html and to my surprise I found it so I thought of searching the login page wp-login.php. My My today's is a luck day for me. I tried
username: admin
password: admin
As soon as I got knew the login and password correct I ran Yertle a very useful tool I came across for WordPress Exploitation.
I started a netcat on another terminal and from yertle I took reverse shell to it.
Once I got access I started working on finding the first flag which was in /home/wpadmin/flag.txt.
This is how I got my first flag. I thought of searching config file for the database. I found multiple files I opened the first one and got the password for root account.
username: root
password: rootpassword!
I have the root's password now I tried connecting to the machine through ssh when promted for password I entered the password and got access.
On getting access my first approach was to locate flag.txt. I found two flag.txt. One was the previous one and the other was the second flag.
Comments
Post a Comment