11 April 2021

Pentesting Fun Stuff

following the cyber security path…

hackfest2016: Quaoar




This is a vulnerable machine created for the Hackfest 2016 CTF http://hackfest.ca/
It is a beginner-level machine for those who wish to learn more about pentesting/hacking.

Getting started

I start with an nmap scan to see what ports are open and what is running behind those ports.

Looks like a lot of open ports and services.


I start off with Dirb to enumerate the pages.

Dirb did its work nicely and spat out a very long list, which I cut down to a small piece.
Most interesting is the WordPress site. To enumerate this site I use wpscan.

It looks like the default username is still active. I would normally try to brute force the password of the found username. But because it has the default settings in place I try admin:admin first.

And I’m in.
To get a reverse shell I change the ‘search.php’ file and replace the PHP code with the one from pentestmonkey. After I set up a listener I run the code by pressing the search button.
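From the defender's side, a theme template that has been edited this way stands out, because the pentestmonkey PHP reverse shell calls both `fsockopen` and `proc_open`, which a stock `search.php` never needs. The following is an added example, not part of the original write-up; it generalizes to every PHP file under a theme directory, and the function names, the `example-theme` path and the sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# PHP functions grouped by capability. A theme template renders markup;
# it has no reason to open sockets or spawn processes.
NETWORK = re.compile(r"\b(fsockopen|pfsockopen|socket_create|stream_socket_client)\s*\(")
EXECUTE = re.compile(r"\b(proc_open|shell_exec|passthru|popen|system|exec)\s*\(")


def scan_theme_dir(root):
    """Return {relative_path: [reasons]} for PHP files with suspicious calls."""
    findings = {}
    for path in sorted(Path(root).rglob("*.php")):
        text = path.read_text(errors="replace")
        net = sorted({m.group(1) for m in NETWORK.finditer(text)})
        exe = sorted({m.group(1) for m in EXECUTE.finditer(text)})
        reasons = []
        if net and exe:
            # Socket plus process spawn in one file is the reverse-shell shape.
            reasons.append("socket + process execution: " + ", ".join(net + exe))
        elif exe:
            reasons.append("process execution: " + ", ".join(exe))
        if reasons:
            findings[str(path.relative_to(root))] = reasons
    return findings


def build_sample_theme(root):
    """Constructed sample: one normal template, one tampered template."""
    theme = Path(root) / "wp-content" / "themes" / "example-theme"
    theme.mkdir(parents=True)
    (theme / "index.php").write_text("<?php get_header(); the_content(); get_footer(); ?>\n")
    (theme / "search.php").write_text(
        "<?php\n$sock = fsockopen($ip, $port);\n"
        "$process = proc_open($shell, $descriptorspec, $pipes);\n?>\n"
    )
    return theme


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return scan_theme_dir(build_sample_theme(tmp))


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, "->", "; ".join(reasons))
```

Hits are triage leads rather than verdicts, since some legitimate plugins call these functions; comparing a flagged file against a known-good copy of the theme settles it.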


First flag. Looks like an MD5 hash.

After connecting with the MySQL server it appeared the database had no useful information in it.
When browsing to /var/www/ I stumbled upon config.php.

It had root credentials inside.

Now for the next flag.

The description said something about a post exploitation flag. Unfortunately I didn’t find any.
Oh well. Got root… so game over. This was the easiest of the three. Time for number 2.
