Hack the Pipe VM (CTF Challenge)

PIPE is another CTF which gives you a platform to enhance your penetration testing skills. So let’s not waste any more time and get started with it.

First of all, download the Pipe lab from here.

As always, our first step is to run the netdiscover command to see the active hosts on our network.

netdiscover

Target IP: 192.168.0.103

Now that we have the target IP, we run an nmap scan to see which ports are open for further penetration.

nmap -p- -A 192.168.0.103

The scan shows open ports 22, 80, 111 and 54073.

Since port 80 is open, we open the target IP in a browser. The website returns an unauthorized message along with a login prompt. The login window reads “the site says: index.php”, which we will use later on.

Next, we set a manual proxy in Firefox and use Burp Suite to intercept the request for the login page. To get past authentication, we change the GET method in the intercepted request:

HACK /index.php

After this change, forward the request so that the browser receives the response, and we are finally into the website. This step leads us to a page that shows a PIPE picture with a link below it for artist info.

As we cannot see anything else on this web page, right-click anywhere on the page and choose View Page Source. The script content of the page references an accessible directory, scriptz.

Now open the scriptz directory on the target IP in the browser.
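Seen from the server side, the request above leaves a clear trace: an unrecognised method succeeds on a path that refuses GET. The following detection sketch is an added example, not part of the original walkthrough; the log lines are constructed in Apache common log format, the 401 status for the unauthorized response and the client addresses are assumptions, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Methods a typical site expects; anything else counts as non-standard.
# HTTP methods are case-sensitive, so "get" is deliberately NOT normalised.
STANDARD_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"}

# Apache common log format: host ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (not taken from the lab).
SAMPLE_LOG = """\
192.168.0.104 - - [10/Jan/2017:10:01:02 +0000] "GET /index.php HTTP/1.1" 401 381
192.168.0.104 - - [10/Jan/2017:10:03:40 +0000] "HACK /index.php HTTP/1.1" 200 1204
192.168.0.104 - - [10/Jan/2017:10:04:11 +0000] "GET /scriptz/ HTTP/1.1" 200 1532
192.168.0.55 - - [10/Jan/2017:10:05:00 +0000] "FOO /missing HTTP/1.1" 404 210
this line is malformed and must be skipped
"""

def find_verb_tampering(log_text):
    """Return sorted (host, method, path) tuples where a non-standard method
    got a 2xx on a path that answered 401/403 to a standard method."""
    denied = set()                   # paths that refused a standard method
    odd_success = defaultdict(set)   # path -> {(host, method)} with 2xx
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                 # skip malformed lines
        method, status = m["method"], int(m["status"])
        path = m["path"].split("?", 1)[0]   # ignore the query string
        if method in STANDARD_METHODS:
            if status in (401, 403):
                denied.add(path)
        elif 200 <= status < 300:
            odd_success[path].add((m["host"], method))
    return sorted(
        (host, method, path)
        for path, hits in odd_success.items() if path in denied
        for host, method in hits
    )

if __name__ == "__main__":
    for host, method, path in find_verb_tampering(SAMPLE_LOG):
        print(f"ALERT {host} used {method} on protected path {path}")
```

A hit means the access control on that path only applies to the methods it lists, so the fix is to require authentication for every method rather than for GET and POST alone.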

192.168.0.103/scriptz/

Oh! Look at that, we found an accessible directory.

We will first open the log.php.BAK file to see whether it gives us any information to go further. It seems that this file writes into the webroot directory. This is very interesting to us, especially if we can control the `data` field supplied to the file.

cat log.php.BAK