Vulnhub - Gameover Vm - Challenge 001

Challenge 001:
We start by using 'netdiscover' as a method to find the IP address of the 'server'.

We then continue with a quick 'nmap' scan of the 192.168.2.148 IP address, which yields:
root@kali: # nmap -sT -p- -T4 192.168.2.148
Nmap scan report for 192.168.2.148
Host is up (0.00055s latency).
Not shown: 65530 closed ports
PORT      STATE SERVICE
22/tcp    open  ssh
53/tcp    open  domain
80/tcp    open  http
111/tcp   open  rpcbind
35867/tcp open  unknown

After scanning the site with 'nikto' and 'dirbuster' and browsing the discovered directories, while leaving BurpSuite in passive mode, we notice that BurpSuite finds a mails file, which contains the following:

##########
Everyone is here... xexexe!
----------------------------------------
Crazy Alice Alice@InWonderland.com
Nebu Chadnezzar NebuChadnezzar@OldKing.edu
Jo Raimontilinekergrobelar ShortName@badmail.com
Web Killer WebMurder@killer.ever.com
Don Quixote windmill@mail.spain
Crazy priest Exorcist@hotmail.com
Jasson Killer Friday13@JasonLives.com
Everything All AllweSaid@mail.com
Thiseas Sparrow Pirates@mail.gr
Black Dreamer SupaHacka@mail.com
Bond James MyNameIsBond@JamesBond.com
Poor Boy Millionaire@fmail.com
Blind Lynxeyed Linxblind@siou.com
Earl Dracula CarpathianServers@Blood.com
Tea Coffee sugar@dring.com
Whisky Vodka drink@drunk.com

###########

- from the information given for the challenge, we read:
"The only thing we remember is that he was hired on Friday the 13th!".
- so we are looking for a user whose e-mail is somehow connected with this one piece of information:
Jasson Killer Friday13@JasonLives.com

- while browsing the site and trying different logons, which failed, we notice something on the site, under:
</span>white, rabbit</font>

- we select the text on the main page, only to find white, rabbit as hidden text!
Moral: always look at the code and wrap the long lines!
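To make the "look at the code" step repeatable when reviewing your own pages for leftover hidden text, here is an added example (not part of the original walkthrough) that lists text a browser would render invisibly. It assumes the text is hidden by a foreground colour equal to the body background or by display:none / visibility:hidden; the sample markup is constructed and only modelled on the fragment shown above.

```python
import re
from html.parser import HTMLParser

NAMES = {"white": "#ffffff", "black": "#000000"}   # only the names this demo needs
VOID = {"br", "img", "hr", "input", "meta", "link"}

def norm(c):
    """Lowercase a colour, map known names to hex, expand #abc to #aabbcc."""
    c = NAMES.get(c.strip().lower(), c.strip().lower())
    if re.fullmatch(r"#[0-9a-f]{3}", c):
        c = "#" + "".join(ch * 2 for ch in c[1:])
    return c

class HiddenTextFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.bg = "#ffffff"      # browser default background
        self.stack = []          # (tag, colour, hidden) per open element
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = (a.get("style") or "").lower()
        if tag == "body" and a.get("bgcolor"):
            self.bg = norm(a["bgcolor"])
        # "color:" but not "background-color:"
        m = re.search(r"(?<![-\w])color\s*:\s*([^;]+)", style)
        colour = norm(m.group(1)) if m else (norm(a["color"]) if a.get("color") else None)
        hidden = bool(re.search(r"display\s*:\s*none|visibility\s*:\s*hidden", style))
        if tag not in VOID:
            self.stack.append((tag, colour, hidden))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]   # also drops unclosed children
                break

    def handle_data(self, data):
        text = data.strip()
        if not text:
            return
        colour = next((c for _, c, _ in reversed(self.stack) if c), "#000000")
        if colour == self.bg or any(h for _, _, h in self.stack):
            self.hits.append(text)

def find_hidden(html):
    p = HiddenTextFinder()
    p.feed(html)
    p.close()
    return p.hits

# Constructed sample page, not the challenge's real markup.
SAMPLE = """<html><body bgcolor="#FFFFFF">
<p><font color="black">Welcome to the staff portal.</font></p>
<font color="#ffffff"><span></span>white, rabbit</font>
<div style="display:none">draft: do not publish</div>
<p style="background-color: white; color: #000">Contact us</p>
</body></html>"""

if __name__ == "__main__":
    print(find_hidden(SAMPLE))
```

The check only sees inline attributes and styles; text hidden through an external stylesheet or script needs a rendered-DOM comparison instead.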


- we try to log on with the username:white and the password:rabbit, and we are allowed to log on. Yay!

Browsing the site, we get to:
http://192.168.2.148/Hackademic_Challenges/ch001/main/Diaxirisths.php

- based on the description of the challenge, we have to send an email:
"You have to find his e-mail address and send it to us by using the central communication panel of the company's site."

I then received the message "Congratulations!" in green! :)