Quaoar CTF Writeup
Here is my writeup about the Quaoar CTF:
First thing I did is running Nmap:
So there is no Vulnerable Service running. Lets look at the Webapplication.
First thing i tested is if there is a robots.txt. And there is one with following Output:
So since there is a WordPresssite I checked with wpscan if there are Vulnerable Plugins etc.
but nothing found.
So I’m trying to enumarate Users with following command:
wpscan -u http://192.168.139.130/wordpress/ –enumerate u
So admin user is there. Now we can try the default „admin:admin“ to login and we can login successfully.
Now to Upload a shell we can simply use a Metasploit Module named exploit/unix/webapp/wp_admin_shell_upload
After giving IP,Targeturi,Username and Password we get shell back:
Now trying to get all Information possibile we can see in the wp-config.php the root password:
/** MySQL database password */
After that we can try to ssh into Quaoar with the root password:
Now we can open up the flag:
Thanks to Viper it was very funny to get some time passed 🙂