Class 4 Lab 3 ‐ Brute‐Force Attacks - Justin-Boyd/Ethical-Hacking-Class GitHub Wiki
Task 1: Environment Preparation
Step 1
- Start your Kali Linux virtual machine.
Step 2
- The company has given you a CTF.zip containing the contents of a website they have been unable to log in to since it was discovered. Unzip the contents into the directory /var/www, replacing all the existing files.
unzip CTF.zip -d /var/www
Step 3
- Bring up a local copy of the website by starting the Apache2 web server on the machine with the command service apache2 start.
service apache2 start
Step 4
- Verify that the Apache service is running by typing the command service apache2 status.
service apache2 status
Step 5
- Use the Firefox browser to browse to the local webpage by typing localhost in the URL bar.
Task 2: Crack the Website
Step 1
- This is the webpage the company has been unable to log in to since its discovery. Right-click in the webpage and choose Inspect Element to see how the web interface handles your input. Try to log in to the Admin Panel with a random username and password.
Step 2
- You should notice a change in the inspection panel. Note the line of code carrying the Login Error message.
Step 3
- The Inspect Element panel has many tabs. Look at the Network tab for insight into the individual requests. The browser sends the credentials to the web server with the HTTP POST method. Click on the POST request; the credentials you entered are shown in the Params tab.
Step 4
- You will use Hydra (introduced in EH-04) against the login form with the username Admin and the rockyou.txt wordlist for passwords. Use the credentials you obtain to log in to the website. To see the Hydra parameters, run hydra with no arguments.
hydra -l Admin -P /usr/share/wordlists/rockyou.txt 127.0.0.1 http-post-form '/login.php:login=^USER^&password=^PASS^&Login=Login:Login Error'
Step 5
- Now that you have obtained the username and password, use them to log in to the Admin Panel.
Task 3: Crack the RAR
Step 1
- It seems the insider has created more layers of defense. Once you are in with the correct credentials, download the john.rar file.
Step 2
- Hopefully, the insider left some information behind. Use the browser's Inspect Element view to look for anything that could help crack the RAR file's password.
Step 3
- Extract the password hash from the RAR archive with rar2john. The command has the form rar2john [filename] > [output.txt].
cd /root/Downloads
rar2john John.rar > hash.txt
cat hash.txt
Step 4
- To crack the hash, first use the Cupp tool (introduced in EH-04) to generate a password list from the information you found; John the Ripper will then use that list. Start Cupp in interactive mode with cupp -i.
apt install -y cupp
cupp -i
Cupp prompt: add keywords and special characters = No
Cupp prompt: add random numbers and leet mode = Yes
Step 5
- List the files in the directory to confirm that Cupp created john.txt.
Step 6
- Now, let's run John the Ripper with the wordlist produced by Cupp.
john --wordlist=john.txt hash.txt
john hash.txt --show
Step 7
- Now that you have obtained the password, let’s see what the insider has been hiding from the company. Open the Flag.txt file to view the flag and complete the task.