Quaoar Walkthrough

Hi Guys,
So I thought of solving a machine and found Quaoar with the difficulty level of  'easy'. 

I started the machine and found the IP Address to be . 

I immediately ran nmap on the IP and found the many open ports.

I saw that port 80 was open so I visited the IP Address on my browser.

There was a link that said click here I clicked on the link and was redirected to a image Hack_The_Planet.jpg.

I thought of visiting robots.txt and to my luck there was one.

I saw WordPress is allowed to I visited the link allowed and found wordpress being installed.

My first instance was to look for readme.html and to my surprise I found it so I thought of searching the login page wp-login.php. My My today's is a luck day for me. I tried 

username: admin
password: admin

As soon as I got knew the login and password correct I ran Yertle a very useful tool I came across for WordPress Exploitation.

I started a netcat on another terminal and from yertle I took reverse shell to it.

Once I got access I started working on finding the first flag which was in /home/wpadmin/flag.txt.

This is how I got my first flag. I thought of searching config file for the database. I found multiple files I opened the first one and got the password for root account.

username: root
password: rootpassword!

I have the root's password now I tried connecting to the machine through ssh when promted for password I entered the password and got access. 

On getting access my first approach was to locate flag.txt. I found two flag.txt. One was the previous one and the other was the second flag.

Thanks @Viper and @Vulnhub for an interesting machine.
Thanks @kitploit for the tool WPForce.


Popular Posts