Exploiting Nancurunir - morgan-hanrahan/Tech-Journal GitHub Wiki

Reflection

This lab was moderately difficult for me. I was able to easily detect the target IP and open ports, and utilize DirBuster to locate phpMyAdmin. When I got to the phpMyAdmin site and needed the credentials, I ran into trouble. I was trying to crack the password with Hydra at first, but I kept getting false positives. After discussing it with another student in the class, they suggested that I look into Metasploit and try to crack the password using it. After some research, I was able to find a guide on how to use Metasploit and was able to crack the password with ease. Finding the phpMyAdmin exploit was very straightforward and I got into the reverse shell easily. I had originally attempted to add a user through the /etc/passwd file, but found that the file wasn't world-writable. I struggled with where to go from here for a while, but then decided to revisit the phpMyAdmin site and found the MySQL database, which contained the authentication string I needed to gain user access. Getting the user and root flags was pretty straightforward, and I just needed to use su and sudo -i -S to get between the users. I definitely learned a lot throughout the process of the lab and found it very beneficial for penetration testing practice.