Wednesday, 8 June 2016

Acid Server challenge

Hello,
You have probably read the Acid Reloaded walkthrough, so now it is time for Acid Server.











From this result we know that only port 33447 is open. We can also see that there is a /Challenge directory.
The default web page looks as follows:














The /Challenge directory



















Nice! But despite the good news, let's run dirbuster.











hacked.php and cake.php look interesting.
cake.php has an interesting title, /Magic_Box, and looks as follows:
















Let's check the /Magic_Box directory













Hmm, maybe dirbuster would be helpful again?










I think low.php is nothing interesting, but command.php will probably be useful.

















Great! We have a good chance to establish a connection between the target and our machine. I filled in the IP ADDRESS field using 127.0.0.1 and got the result in the source code




















Now let's try to establish the connection I mentioned above. I wrote a PHP reverse shell script, transferred it using netcat and ran it via command.php.





Excellent! I have been looking for our chance to escalate privileges and






















I have logged in using discovered credentials and I have selected






























Cracking would be very time-consuming. During our penetration test I found something like a 1337 Hax0r, so my idea is to use that string in some combinations and try to brute-force a user from /etc/passwd.







Excellent! Let's check our privileges



















Game over :-)