Now it is turn to dick dastardly challenge!
Scanning all ports...
Enumerating web pages
Excellent! The dirb scanner found several interesting files on our target.
The admin.php redirect us to index.php
Very interesting. Filling in username as admin and password as ' OR 1=1 -- - we have got following result
Nice! Now we are able to use sqlmap and try to find valid credentials.
Good, let's enumerate deeper! Unfortunately we are not able to retrieve databases names. So, we have to look for other opportunity to get these names.
Excellent! We found second vulnerable parameter. Let's enumerate databases
Very good, let's examine vulnhub database.
Database: vulnhubIt is not SSH valid password for rasta username :( I don't know for what is the password.
Table: admins
[1 entry]
+----+--------------------------------------+--------+
| id | pass | user |
+----+--------------------------------------+--------+
| 1 | 1b37y0uc4n76u3557h15p455w0rd,5uck3rz | rasta |
+----+--------------------------------------+--------+
After clicking on add IP to IRC whitelist I performed nmap scanning again and I have got very interesting result
Very good! I installed irssi on my attacker machine and I connected to our target IRC.