Source

Synopsis

“Breadcrumbs” is marked as a hard difficulty machine that features Apache hosting PHP web pages on Windows 10. The homepage is a library for finding books and borrowing them to read. The book checkout section is misconfigured, which allows us to look for other files (.php) on the server. A certain .php file reveals the secret key for the JWT signature, hardcoded admin…


Source

Synopsis

“Armageddon” is marked as an easy difficulty machine which features Apache hosting a vulnerable Drupal CMS on Linux. We exploit the Drupalgeddon2 vulnerability to gain initial access on the target machine, then use stored database credentials to access the DB and retrieve user credentials (hash). We crack the hash and log in to the user account; this user has permission to run a binary as root…


Source

Synopsis

“Luanne” is marked as an easy difficulty machine that features nginx and supervisor to host the website and to control processes. The website has basic HTTP authentication enabled, but a certain HTTP directory is wide open and returns weather information for UK cities when queried manually. The web application is connected to a Lua script which generates random data about a city’s weather. Taking advantage…


Source

Synopsis

“TheNoteBook” is marked as a medium difficulty machine that features an nginx server hosting a notebook web app where registered users can store notes and view them later. The actual web app is not on the host OS; rather, it is running inside a Docker container on port 8080 and nginx is serving the webpage…


Source

Synopsis

“Tally” is marked as a hard difficulty machine that features an IIS web server and SharePoint CMS with MSSQL running in the background. Gobuster gives us the path to FTP credentials. FTP has a directory with a KeePass credential database; we crack the master password of the DB and get access to SMB credentials. SMB access gives us credentials to the MSSQL DB. …


Source

Synopsis

“Spectra” is marked as an easy difficulty machine that features Apache hosting an issue tracker and a WordPress website. The homepage has links to Issue Tracker and Testing Website. The former takes us to the WordPress website and the latter takes us to a testing website. Due to the fact that it is a…


Source

Synopsis

“Ophiuchi” is a medium difficulty Linux machine that features Apache Tomcat hosting a JSP (Java Server Page) website, and it has a SnakeYAML deserialization vulnerability in its library. The website has functionality where we can input a YAML string/code and the server will parse it using the SnakeYAML library. After exploiting this vulnerability we get “tomcat”…


Source

Synopsis

“Ready” is a medium difficulty Linux machine that features GitLab in a Docker environment. The running GitLab version, 11.4.7 Community Edition, is vulnerable. Two distinct vulnerabilities exist in this version of GitLab: SSRF and CRLF. Combining both vulnerabilities, we can gain initial access on the target machine. Then we need to…


Source

Synopsis

“Time” is a medium difficulty Linux machine that features an Apache server hosting a PHP website. The website homepage is “Online JSON beautifier & validator”. Many websites offer APIs, which will return data in JSON format. Often the JSON provided has white space compressed to reduce the…


Source

Enumeration

We will kick off this machine by enumerating with nmap.

Aniket Badami
