Wednesday, 8 June 2016

Acid Server challenge

Probably you have read Acid Reloaded walkthrough, so now it is the time for Acid Server.

From this result we know that only port 33447 is open. We can also see that there is /Challenge directory.
Default web page looks like as follow

The /Challege directory

Nice! But in spite of the good news let's run dirbuster.

hacked.php and cake.php looks interesting.
The cake.php has interesting title /Magic_Box and looks as follow

Let's check /Magic_Box directory

Hmm, maybe dirbuster would be helpful again?

low.php is nothing interesting I think, but comamnd.php probably will be useful.

Great! We have a fat chance to establish connection between the target and our machine. I filled in the ID ADDRESS field using and I have got result in the source code

Now, let's try establish connection, which I mentioned above. I have written php reverse shell script, transfer it using netcat and run via command.php.

Excellent! I have been looking for our chance to escalate privileges and

I have logged in using discovered credentials and I have selected

Cracking would be very time consuming. During our penetration test I have found something like a 1337 Hax0r, so my idea is to add the string with some combination and try to bruteforce some user from /etc/passwd.

Excellent! Let's check our privileges

Game over :-)