CTF Beelzebub

  1. netdiscover
  2. rustscan
  3. gobuster
  4. MD5 hash
  5. Beelzebub website
  6. ssh

netdiscover

sudo netdiscover

rustscan

rustscan -a 192.168.0.24

On the port 80 we have this page:

gobuster

gobuster dir -t 100 -u http://192.168.0.24 -w ~/Documents/wordlist/directory-list-medium.txt --wildcard switch

The javascript directory is forbiden:

There is a phpmyadmin page, let’s see if there is a index.php.

MD5 hash

echo -n beelzebub | md5sum

This string is a directory.

Beelzebub website

There is something but I can’t see it, the ip is hard coded in the website.

This in a wordpress website, I should see what is in the upload directory:
http://192.168.0.24/d18e1e22becbd915b45e0e655429d487/wp-content/uploads/

If you browse to Talk To VALAK you can see this page:

You can also found a password:

Cookie=b7d0eff31b9cde9a862dc157bb33ec2a; Password=M4k3Ad3a1

I should do a scan on the word press website but it’s taking too much time to load, I will find the user on the login page of the VM.
User: Krampus
Password: M4k3Ad3a1

ssh

ssh krampus@192.168.0.24

Yes I’m in.

cat .bash_history

I’m will copy past this:

I’m root.

Flag: 8955qpasq8qq807879p75e1rr24cr1a5