This was a virtual machine shared with me. The objective was to get the final flag.
The first thing I did after
getting the vulnerable system was to connect it to my network and set the
network adapter mode to ‘Bridged’. Then I opened my Kali Linux in Bridged mode
and checked my IP address.
I did a basic network scan using NMAP and found out the IP
address of target system.
nmap 192.168.0.0/24
I
got my target system IP as 192.168.0.108
After a detailed NMAP fingerprint
scan, I got a list of all the services running on my target system. I could see
http service running on target and decided to try for a web page. On hitting IP address on my browser,
I got the web application page running on target system.
I did a few SQL injection attempts to break the application
login mechanism, but nothing worked. The webserver responded each time with
‘Login failed’ error. Remembering my past experiences with CTFs, I decided to
inspect the elements. I could not see anything interesting there.
Then
I noticed the link below the login form.
I just clicked the link and a new page opened. It was just a
404 error page but the URL displayed on browser got my attention.
Then I replaced the ‘localhost’ with actual target IP
address and to my surprise, another page opened. On a close inspection, I found
a hidden login credential from the new page.
It read ‘login details; username:xxxxx password:yyyyy
So, this was the first discovery to login to the web
application running on the target system. I was able to login to the system
successfully with above credentials.
No comments:
Post a Comment