![]() Let’s move on to the next step.Īs we know, Drupal 8 is a much older version of Drupal, so it must have some vulnerabilities which can be exploited. In this step, we have discovered that the target machine is running a Drupal 8 CMS-based application. I checked the HTML of this page and found that it was running with Drupal 8, which can be seen in the highlighted area in the following screenshot. We can see that Drupal CMS is running from this directory. In Step 4 we found a Drupal directory, so let’s open this folder to check the contents of the application. I explored the website but could not find anything to exploit, so I ran the dirb scan on the website.Īs you can see, dirb has generated a large output with some interesting directories. We know from the Nmap scan that port 80 was also found open, so let’s hit the target machine IP on the browser to see the available website. In the next step, we will explore the HTTP port. Therefore, I left this port here and decided to move to other ports. I also checked the exploits for vsFTPd 3.0.2 version, but there was no working exploit available. After successfully authenticating into the FTP service, I checked the directories but could not find anything. We can see that the FTP anonymous user was enabled on the target machine. In the next step, we will start with the FTP port.Īs the FTP port was found open in Step 2, I tried to log into the system with anonymous as both the username and password. We will be exploring these ports throughout the article until we find a way to enter the target machine. ![]() We can see in the output of the Nmap scan that there are a lot of open ports on the target machine. ![]() If we do not use –p-, then Nmap will by default only scan a few well-known ports. Another option used in the above command is –p- switch, which tells Nmap that a full port scan needs to be done. The -Pn switch is used for No Ping Scan sometimes the server does not respond to ping requests, so I always prefer to use the –Pn option every time during port scanning. The command and the results of the Nmap scan can be seen below.Īs we can see, we’ve used two options with Nmap, so now let’s understand it in detail. For port scanning, I launched an Nmap full port scan, which is used to check all 65,531 ports. Furthermore, we can explore these ports in order to identify vulnerabilities in the target system. The next step is port scanning, which will list the open port details. Note: Since the IP addresses are being assigned by the DHCP, they may be different in your case. We will be using 192.168.1.104 as the attacker machine IP address. We can see that the target machine IP address is 192.168.1.103 and my Kali machine IP address is 192.168.1.1.104. The output of the command can be seen below. Since we are running a virtual machine in the same network, we can identify the target machine IP address by running the netdiscover command. The first step to starting any CTF is to identify the target machine IP address. Running the local exploit and getting root access.Downloading and compiling the local exploit.Enumerating the operating system and kernel version.Exploiting and gaining access to the target machine.Enumerating HTTP service by using the dirb utility.Identifying open ports by using the Nmap scan.Identifying target host by using netdiscover utility.The techniques used are solely for educational purposes, and I am not responsible if the listed techniques are used against any other targets. ![]() I am using Kali Linux as an attacker machine for solving this CTF. Please Note: For these machines, I have used Oracle Virtual Box to run the downloaded machine. There are a lot of other challenging CTF exercises available on and I highly suggest attempting them, as it is a good way to sharpen your skills and learn new techniques in a safe environment. You can download vulnerable machines from this website and try to exploit them. For those who are not aware of the site, VulnHub is a well-known website for security researchers which aims to provide users with a way to learn and practice their hacking skills through a series of challenges in a safe and legal environment.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |