Hackfest 2016: Quaoar – Vulnhub Walkthrough

DerpNStink VulnHub — Walkthrough
April 9, 2019
LazysysAdmin Vulnhub — Walkthrough
April 14, 2019
Share This:

Hackfest 2016: Quaoar – Vulnhub Walkthrough

I have to say this is the easiest VM I have done so far

Quaoar is the first machine from the series of 3 machine from hackfest2016 and by the creator Viper.

Quaoar is a boot2root virtual machine hosted in vulnhub, created by Viper for Hackfest 2016 CTF. Being a beginner friendly challenge, Quaoar is a perfect machine for people who are new into security. Experienced folks may break the machine in less than 60 minutes

There are 3 flags we have to find. Let’s go.

Finding the IP address of the machine.

Moving onto NMAP Scan

Now we see that port 80 is up and running. Let’s check it.

Seems like a simple web page. Let’s click onto the Text in the bottom-left corner of the page and we are directed towards another image.

So there is nothing special here. Let’s move onto running “dirb” to enumerate directories.

The WordPress is up and running.

Let’s find the admin panel and try to login with default credentials.

On providing the default credentials i.e admin:admin we are logged into the admin panel.

Let’s copy the PHP shell and edit the LPORT and LHOST.

Editing the file using gedit and adding the details for reverse connection to our machine.

Now this shell can be uploaded in the themes panel as well as in the plugins panels. Let’s put NETCAT in listening mode and access the shell.

We have successfully got the shell on the system. Lets grab the fist flag.

Now as it is WordPress we will be looking onto the Wp-Config file for the root username and password.

We can log into the system via SSH or via our previous shell we can switch user using SU command and providing the credentials for the root user.

So we are logged into the machine as root. Now for the post exploitation. We know where the flag can be.

That’s all. We are done with this machine.

Share This:

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: