Bayu_Ajie knowledge is free you can learn anything

Write Up : backdoor HTB


Write Up : backdoor HTB

By bocahganteng


Register our target IP into /etc/hosts so we can access backdoor.htb (optional)
1. Scanning Phase 
Nmap Scanning

a. Result Scan
o Nmap scanning the server was open port for 22,80 and 1337, where port 22 use for ssh , port 80 use for http and 1337 still mysterious. 
o Dirsearch result made decision web use wordpress CMS.

2. Exploit Phase 
Exploitation port 80 
Scanning result which is use Wordpress CMS ,so im decide to use wpsscan to enumerate 

We found admin username,and then we must search the password so we can login to CMS dashboard. Iam get wp-config.php using the plugins installed on CMS, but still cant to login for 
ssh and login page. 
Exploit port 1337
Port 1337 im cannt make sure for what it is,but, that port use for gdb server
https://sourceware.org/gdb/onlinedocs/gdb/Server.html ,after that we search vuln on that
service and found https://www.exploit-db.com/exploits/50539

Software exploitation ,im use Metasploit and set all config to this

Run the payload and we get user flag

At final phase im try to get into root access, commonly im use sudo -l to get some information but, ist doesn’t work, so im try to searching again, and got the ways


Bayu_Ajie  knowledge is free you can learn anything