Hack the Pluck VM (CTF Challenge)

Coming towards another tutorial of vulnhub’s lab challenges “pluck” you can download it from here.

This lab is quite simple this article may help you to solve the task for capturing the flag.

LET’S START!!!

192.168.1.115 is my target IP let enumerate through aggressive scan using NMAP. You can observe its result from given screenshot.

nmap -p- -A 192.168.1.115

Use nikto to dig up more information related to target

nikto -h http://192.168.1.115

 Finally I have got something very remarkable here if you notice the given below image the highlighted text looks like local file inclusion vulnerability.

So when I explore the above highlighted text in the browser here I got more than enough data. The highlighted text denotes towards some kind of backup script file path.

 http://192.168.1.115/index.php?page=../../../../../../../../etc/passwd

When again I walk around it now further I found a tar file for backup.

 http://192.168.1.115/index.php?page=/usr/local/scripts/backup.sh

Download tar file of backup script, type following command inside the terminal of your kali Linux.

Wget http://192.168.1.115/index.php?page=/backups/backup.tar

Now type following command to extract backup.tar file

Tar –xvf index.php\?page\=%2Fbackups%2Fbackup.tar

Inside it I found home folder which further contains sub folder for 3 users.