Friday, 6 May 2016

Droopy CTF

Today im going to present you a walkthrough of Droopt challenge.
root@osboxes:~# nmap -sP


Nmap scan report for
Host is up (0.00054s latency).
MAC Address: 00:0C:29:4F:82:66 (VMware)


root@osboxes:~# nmap -p-


80/tcp open  http
MAC Address: 00:0C:29:4F:82:66 (VMware)
I open a browser and display the web application.

OK, I was trying conduct SQL Injection and default credentials attack but without success. So I examine a source code and BINGO!

Drupal 7 contains several vulnerabilities.I found one of them  -SQL Injection, I executed it and...

Excellent! We should verify this good news.

Great! We logged into admin account! We have to find some way upload a backdoor. I was trying with Avatar, with Add Content but without success.
Finally I found helpful options

Now we should check the PHP Filter and try inject into page content our reverse shell code.


Excellent! We have gained limited shell!
We can check OS with details and find an exploit to escalate our peivileges (as an exercise for you).

Game over!