Lab 7.1

logged into the ftp as anonymous using ftp [email protected]

had to cd to the upload directory to upload. Then used put to upload a test file.

Uploaded a PHP file which catted /etc/passwd

On the browser used 10.0.5.25/upload/skyler.php to see the /etc/passwd file

I found a PHP file titled LocalSettings.php

I had to get the file to my local host while in FTP because it was denying web entry

I found a password in the file that happened to work for ssh login for [email protected]

I then logged into the MariaDB server using /bin/mysql -u root -p and then entered the password from LocalSettings.php. I then used use mediawiki; to access the database. I used SELECT user_name, user_password FROM user; to find a user and an associated hashed password.

I had to edit the hash to work with Hashcat. Then made a txt file of the passwords starting with p in rockyou.txt using egrep '^p' rockyou.txt > pippinpassy.txt

The hash seems to be hashed with PBKDF2-SHA512 so I used the -m 12100 flag when running hashcat.

Hashcat Command: hashcat -m 12100 -a 0 -o crackedpip.txt hashcatpip.txt pippinpassy.txt