pentestPromedium

Atkomst Nekad (Access Denied)

undutmaning

English summary: Multi-step challenge requiring OSINT from a psychological report to discover username and password patterns, bcrypt hash cracking from a Roundcube mail server backup, SSH access to an internal network, and exploitation of phpMyAdmin 4.8.1 LFI vulnerability (CVE-2018-12613) to read t

$ ls tags/ techniques/

lfi osint directory_traversal password_cracking ssh roundcube busybox credential_reuse bcrypt pokemon_wordlist phpmyadmin cve-2018-12613 internal_network sql_backup psychological_profile

bcrypt_hash_crackingpsychological_profile_analysistargeted_wordlist_generationcredential_reuse_exploitationssh_accessinternal_network_enumerationphpmyadmin_lficve_2018_12613_exploitation

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[reverse][Pro]Manifest— undutmaning
[forensics][Pro]Knappast lätt— undutmaning
[web][Pro]Fraga fisken— undutmaning
[forensics][Pro]Ett till pajat fonster— undutmaning
[forensics][Pro]Kapten Strang— undutmaning