Write Up : backdoor HTB

 

 

 

1. Scanning Phase 

 

➢ Nmap Scanning

 

 

 

➢ dirsearch

 

 

a. Result Scan

 

o Nmap scanning the server was open port for 22,80 and 1337, where port 22 use for ssh , port 80 use for http and 1337 still mysterious. 

 

o Dirsearch result made decision web use wordpress CMS.

 

 

2. Exploit Phase 

 

➢ Exploitation port 80 

 

Scanning result which is use Wordpress CMS ,so im decide to use wpsscan to enumerate 

 

We found admin username,and then we must search the password so we can login to CMS dashboard. Iam get wp-config.php using the plugins installed on CMS, but still cant to login for 

 

ssh and login page. 

 

➢ Exploit port 1337

Port 1337 im cannt make sure for what it is,but, that port use for gdb server

https://sourceware.org/gdb/onlinedocs/gdb/Server.html ,after that we search vuln on that

service and found https://www.exploit-db.com/exploits/50539

 

Software exploitation ,im use Metasploit and set all config to this

 

 

Run the payload and we get user flag

 

At final phase im try to get into root access, commonly im use sudo -l to get some information but, ist doesn’t work, so im try to searching again, and got the ways