OSCP PREPROTİONS – HTB Blunder

Blunder machine is a vulnerable machine with Linux operating system which is among the retired machines. We are expected to obtain user and root flags by using these vulnerabilities.
We perform a network scan with nmap to identify the target machine


Classic Scan

Full Port Scan

21/tcp closed ftp, 80/tcp open http Apache httpd 2.4.41 (Ubuntu) ports detected. Since the ftp port rejects connections, we continue the optimization on port 80.
On port 80 we continue through the browser to provide enumueration

We performed enumeration on the website, looked at the source code and did not find any information.
We performed directory and file scanning with Gobuster.

/0, /about, /admin, /cgi-bin/, /LICENSE, /robots.txt, /todo.txt directories were detected.
/admin

/LICENSE

/robots.txt,

/todo.txt

In the todo.txt file we get that the CMS has not been updated, it may have given us a hint here. We also received information that there is a fergus user, let’s check the CMS version immediately
We look at the source code in /admin

We saw that Bludit CMS has version 3.9.2.

We tried default passwords here but could not provide successful login.
We searched for vulnerabilities

We have understood that this vulnerability is vulnerable to brute force user-directed execution.
Now let’s perform brute force on this web
I will first prepare a wordlist with Cewl before performing brute force

We have created our wordlist, let’s use the python code available at https://rastating.github.io/bludit-brute-force-mitigation-bypass/ to exploit it

User fergus’s RolandDeschain password has been detected.
Let’s try to log in

We were able to log in
Here we will continue to get Shell using msfconsole.

Here we entered the prompts, then we got Shell, we logged in to the machine on the www-data user, we could not access the user flage because of low authorization.

Here we have lede the password hahsii of user hugo let’s try to crack it with crackstation

User Hugo’s password Password120 has been detected

Let’s try to change the user

We were able to get our user flag
Then let’s try to do privilege escalation

This way we got our root flag

OSCP PREPROTİONS – HTB Blunder

Comments

  1. Rastrear telefone

    Melhor aplicativo de controle parental para proteger seus filhos – Monitorar secretamente secreto GPS, SMS, chamadas, WhatsApp, Facebook, localização. Você pode monitorar remotamente as atividades do telefone móvel após o download e instalar o apk no telefone de destino.

  2. Rastrear Celular

    Como faço para saber com quem meu marido ou esposa está conversando no WhatsApp, então você já está procurando a melhor solução. Escolher um telefone é muito mais fácil do que você imagina. A primeira coisa a fazer para instalar um aplicativo espião em seu telefone é obter o telefone de destino.

  3. tlovertonet

    Nice post. I learn one thing more challenging on totally different blogs everyday. It’s going to all the time be stimulating to read content from different writers and practice a little something from their store. I’d favor to use some with the content on my blog whether or not you don’t mind. Natually I’ll give you a link on your internet blog. Thanks for sharing.

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir