Vulnhub Fsoft Hacking Challenges Walkthrough

We start by scanning the host with nmap

Nmap –A –T4 –p- 192.168.1.7

Running dirb on the host there is a robot file inside of it some directories we can try

The path http://192.168.1.7/blog/ is running WordPress, now lets enumerate the users on the service

wpscan –url http://192.168.1.7/blog/ -e u

There is a backup path were have some files were we can download, one of them is a php page with some information of sql database were are a username – password – database name.

The pathhttp://192.168.1.7/assets/adminer.php we can use these credentials in this page as:

Got it and now we can go through the database, I found the admin and fs0ft username and some passwords.

Now we need to add the host name of WordPress to our hosts file

Now we go to http://fsoft.hacking/blog/wp-login.php and login using username fs0ft and password fs0f@2020!@

Now all we need to do is go to Media and upload a php shell there, you may get that the file is not going to be uploaded and may not be viewed, but to make sure it’s there you can go to http://192.168.1.7/blog/wp-content/uploads and you will see it there.

Breaking from shell jail by python3 -c ‘import pty;pty.spawn(“/bin/bash”)’

Then running find / -perm -u=s -type f 2>/dev/null to find writable files by the owner.

There we can see that screen-4.5.0 is a vulnerability that we will use, searching searchsploit for screen came with:

File number 41154.sh .. be aware it won’t run till you execute this command sed -i -e ‘s/\r$//’ 41154.sh .. then rename it to exploit.sh or leave it as it is, transfer it to the host using python –m SimpleHTTPServer 80 , give it executable permissions with chomd +x exploit.sh and run it

2 thoughts on “Vulnhub Fsoft Hacking Challenges Walkthrough”

  1. where you find the that php config file in which username and password for login mysql found you said in backup path i scroll every path file but couldn’t find it please tell more .

    Like

    1. its in the /backup path in a zip file named web_12032018-backup.zip , unzip it and you will find some files there , go through them and you will find what you need

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s