Today im going to present you a walkthrough of Droopt challenge.
root@osboxes:~# nmap -sP 192.168.1.0/24I open a browser and display the web application.
[CUT]
Nmap scan report for 192.168.1.103
Host is up (0.00054s latency).
MAC Address: 00:0C:29:4F:82:66 (VMware)
[CUT]
root@osboxes:~# nmap -p- 192.168.1.103
[CUT]
PORT STATE SERVICE
80/tcp open http
MAC Address: 00:0C:29:4F:82:66 (VMware)
OK, I was trying conduct SQL Injection and default credentials attack but without success. So I examine a source code and BINGO!
Drupal 7 contains several vulnerabilities.I found one of them -SQL Injection, I executed it and...
Excellent! We should verify this good news.
Great! We logged into admin account! We have to find some way upload a backdoor. I was trying with Avatar, with Add Content but without success.
Finally I found helpful options
Now we should check the PHP Filter and try inject into page content our reverse shell code.
and...
Excellent! We have gained limited shell!
We can check OS with details and find an exploit to escalate our peivileges (as an exercise for you).
Game over!
