-->
Bayu_Ajie
Bayu_Ajie knowledge is free you can learn anything

Write Up : backdoor HTB


 

Write Up : backdoor HTB

By bocahganteng

 
 

Register our target IP into /etc/hosts so we can access backdoor.htb (optional)
 
 
 
1. Scanning Phase 
 
Nmap Scanning
 
 
 
dirsearch
 

 
a. Result Scan
 
o Nmap scanning the server was open port for 22,80 and 1337, where port 22 use for ssh , port 80 use for http and 1337 still mysterious. 
 
o Dirsearch result made decision web use wordpress CMS.
 
 

2. Exploit Phase 
 
Exploitation port 80 
 
Scanning result which is use Wordpress CMS ,so im decide to use wpsscan to enumerate 
 

We found admin username,and then we must search the password so we can login to CMS dashboard. Iam get wp-config.php using the plugins installed on CMS, but still cant to login for 
 
ssh and login page. 
 
Exploit port 1337
Port 1337 im cannt make sure for what it is,but, that port use for gdb server
https://sourceware.org/gdb/onlinedocs/gdb/Server.html ,after that we search vuln on that
service and found https://www.exploit-db.com/exploits/50539
 

Software exploitation ,im use Metasploit and set all config to this
 

 
Run the payload and we get user flag
 


At final phase im try to get into root access, commonly im use sudo -l to get some information but, ist doesn’t work, so im try to searching again, and got the ways
 


 

Bayu_Ajie
Bayu_Ajie  knowledge is free you can learn anything

Comments