Lab 9.1: Exploit Gloin
Deliverable 1. Provide the Following Information to include commands and screenshots. Create a tech journal page that covers the following.
- Target IP Address
10.0.5.31
- Open Ports
22
443
3389
- Discovered Vulnerability
Found that Online Entrance Exam System has an SQL vulnerability.
https://10.0.5.31/entrance_exam/take_exam.php?id=%27+UNION+SELECT+1,username||%27;%27||password,3,4,5,6,7+FROM+admin_list;
The line above will dump the admin hash.
Peer told me to use CrackStation for this step.
- How you achieved a foothold
I found the exploit for Online Entrance Exam System by using searchsploit and finding a MySQL exploit, then looking at Exploit-DB and reading what was there.
- How you achieved root/Administrative level compromise
I cracked the hash for the admin user and then SSHed into the machine using administrator as the user because it’s a Windows machine.
- User Flag
- Root Flag
Overview
I didn’t have much trouble with this lab. I was very thankful for my peer who told me to use CrackStation instead of trying other tools. It made this process a lot easier. I did find it very fun to not have much information and to have to get a foothold on our own.
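Added example, not part of the original journal or the lab material: a defender-side check for the request listed under Discovered Vulnerability. It scans web access logs for `take_exam.php` requests whose `id` is not a plain integer and applies the same allow-list test the endpoint could enforce; the log lines, client address and timestamps are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed access-log lines (client address and timestamps are made up);
# the second line reuses the request URL from the journal entry above.
SAMPLE_LOG = """\
10.0.5.50 - - [01/Jan/2024:10:00:01 +0000] "GET /entrance_exam/take_exam.php?id=3 HTTP/1.1" 200 5120
10.0.5.50 - - [01/Jan/2024:10:00:09 +0000] "GET /entrance_exam/take_exam.php?id=%27+UNION+SELECT+1,username||%27;%27||password,3,4,5,6,7+FROM+admin_list; HTTP/1.1" 200 5304
10.0.5.50 - - [01/Jan/2024:10:00:15 +0000] "GET /entrance_exam/index.php HTTP/1.1" 200 2048
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
SQL_TOKENS = re.compile(r"\b(union|select|from)\b", re.I)

def is_valid_exam_id(value):
    """Allow-list check the endpoint itself could apply: ASCII digits only."""
    return value.isascii() and value.isdigit()

def classify(value):
    """Return the reasons a decoded id value looks like SQL injection."""
    reasons = []
    if "'" in value or '"' in value:
        reasons.append("quote")
    if SQL_TOKENS.search(value):
        reasons.append("sql-keyword")
    if "||" in value or ";" in value:
        reasons.append("sql-operator")
    return reasons

def scan(log_text, page="take_exam.php", param="id"):
    """Return (client, decoded value, reasons) for every non-numeric id."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + page):
            continue
        for pair in url.query.split("&"):  # split on & only, then decode
            name, _, raw = pair.partition("=")
            value = unquote_plus(raw)
            if name == param and not is_valid_exam_id(value):
                findings.append((client, value, classify(value)))
    return findings

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Rejecting any `id` that fails `is_valid_exam_id` before it reaches the query, together with a parameterized query, removes the condition this scan is looking for.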