Category

VulnHub

CTF Walkthroughs, VulnHub

VulnHub – Stapler: 1 Walkthrough

Introduction

This was an easy Linux machine that involved exploiting a WordPress plugin to read the wp-config.php file, which contained database credentials, and then uploading a malicious plugin into WordPress to gain remote access. Privilege escalation was then possible through either a clear-text password left in the Bash history or an insecure cron job.

CTF Walkthroughs, VulnHub

VulnHub – Kioptrix 1.4 Walkthrough

Introduction

This was an easy Linux box that involved exploiting a directory traversal vulnerability in the pChart web application to read the rules in the Apache configuration file. Those rules revealed that a user agent change was necessary to reach the PHPTax web application hosted on port 8080, which was affected by a remote code execution vulnerability that could be used to gain remote access to the machine. A simple kernel exploit could then be used to escalate privileges to root.
