Its around 23:00 here and I’m pretty bored, so whats more fun to do than playing around with Vulnhub CTF’s.

I was looking for something easy, I’m to bored right now to get my mind work , hehe !

Looking around and found this Quaoar, the creator says its his first Vulnerable Vm and meant to be easy, so why not.

The vulnerable VM has been assigned an IP of 192.168.1.202, so lets first fire up nmap against.

We see few running services on the system, I will first navigate to the web server on port 80 and this is what I’ve got.

When I click on the left bottom corner this comes up.

Both images has no interested metadata. My next move is to run Nikto against the server.

Nikto find out a wordpress installation, so before navigate to the website I want to run Nikto to the website path.

Nikto, once again found some interested stuff. If you navigate to those findings here is what it comes up

 

Nothing much important so far. Nikto has also found the default login path for wordpress. Based on creators statement (meant to be easy) the first thing I did was to try admin:admin as the login credentials and worked fine !

Oh almost forgot, creator say: “There are 3 flags on this machine 1. Get a shell 2. Get root access 3. There is a post exploitation flag on the box”

The next thing I have to do was to get a shell. Because I already know the login credentials I will use a metasploit remote exploit caled wp_admin_shell_upload

The next thing was to get root access. In the wordpress directory is the wp-config file which includes also the database credentials.

Lets try that and see if works.

Server rooted !

Now its time to get the flag.

That’s it, last flag granted, hope you had some fun with this one.

Thanks to Vulnhub for hosting those kind of Vm’s

Even this one was pretty easy, I still had some fun. It was exactly what I was looking for to pass my bored time until get to bed 😛