CTF Daily Bugle

  1. rustscan
  2. Gobuster
  3. /etc/hosts
  4. WordPress
    1. bruteforce
  5. Reverse shell
  6. LSE
  7. Polkit
  8. Conclusion

rustscan

rustscan -a 10.10.155.73 --ulimit 5000

Gobuster

gobuster dir -u http://10.10.155.73/ -x txt,html,php -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

/etc/hosts

10.10.155.73 internal.thm

http://internal.thm/blog/

WordPress

wpscan --url http://internal.thm/blog --enumerate u

WordPress version 5.4.2

bruteforce

wpscan -v -U admin -P Documents/arch_doc/CTF/Wordlist/rockyou.txt --url http://internal.thm/blog/wp-login.php

Useless

Reverse shell

Via the template's 404 error page.

LSE

Polkit CVE, no need to think, let’s pwn it.

Polkit

https://github.com/joeammond/CVE-2021-4034

I’m root
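
A defender's view of the Polkit step (CVE-2021-4034), as an added example that is not part of the original write-up: it checks whether pkexec still carries its setuid bit and counts the messages pkexec logs on the commonly used exploitation paths. The function names, the pkexec path and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: host-side checks for CVE-2021-4034 (pkexec).

# True (exit 0) if the file at $1 carries the setuid bit. The published
# stop-gap where no patch is available is `chmod 0755` on pkexec.
pkexec_is_setuid() {
    [ -u "$1" ]
}

# Print the number of lines in log file $1 that match the messages pkexec
# logs on the commonly used exploitation paths. The adjective before
# "content" is matched loosely so spelling variants of the message match.
# A count of 0 is not proof of a clean host: the bug can also be
# triggered without leaving these traces.
count_pwnkit_traces() {
    grep -c -E \
      -e 'The value for the SHELL variable was not found the /etc/shells file' \
      -e 'The value for environment variable .* contains [a-z]+ content' \
      "$1" || true
}

# Constructed sample log (hostname, users, PIDs and timestamps are made up).
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 26 10:01:02 web01 sshd[811]: Accepted password for alice from 10.0.0.5 port 50122 ssh2
Jan 26 10:04:17 web01 pkexec[1432]: www-data: The value for the SHELL variable was not found the /etc/shells file
Jan 26 10:09:40 web01 pkexec[1490]: www-data: The value for environment variable XAUTHORITY contains suscipious content
Jan 26 10:12:00 web01 CRON[1502]: pam_unix(cron:session): session opened for user root
EOF
}

# Demo run against the local pkexec (path is an assumption) and the sample.
PKEXEC=${PKEXEC:-/usr/bin/pkexec}
SAMPLE=$(mktemp)
write_sample_log "$SAMPLE"
if pkexec_is_setuid "$PKEXEC"; then
    echo "$PKEXEC is setuid: confirm polkit is patched or remove the bit"
else
    echo "$PKEXEC is missing or not setuid"
fi
echo "pkexec trace lines in sample: $(count_pwnkit_traces "$SAMPLE")"
rm -f "$SAMPLE"
```

On a real host, point `count_pwnkit_traces` at the system authentication log instead of the constructed sample.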

Conclusion

This box was “hard” but still easier than an easy box on HTB.