Quaoar

Background Info: Welcome to Quaoar

This is a vulnerable machine I created for the Hackfest 2016 CTF http://hackfest.ca/

Difficulty: Very Easy

To begin, we use netdiscover to establish the target's IP address.

Netdiscover reveals that the target's IP address is 172.16.250.131.

Next up, the attacker uses nmap to see what ports and services are open.

Nmap reveals several open ports. Port 80 serves web content and is always an interesting place to start. The attacker pointed his browser to the IP address.

Nothing very interesting on the landing page. Clicking on the home page leads to a .jpg, with nothing in the page source.

The next step was to use nikto to crawl the website and gather more information.

Nikto revealed robots.txt, which in turn revealed a WordPress login page.
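The robots.txt finding above is something a site owner can check for before a scanner does. The following is an added example, not part of the original write-up: it parses a robots.txt and flags Allow/Disallow entries that point to sensitive paths. The keyword list and the sample file are constructed assumptions, not the target's actual contents.

```python
import re

# Assumed, non-exhaustive list of path fragments worth flagging.
SENSITIVE = re.compile(
    r"(wp-admin|wp-login|wordpress|admin|login|backup|upload|config|private)", re.I
)

def parse_robots(text):
    """Return (user_agent, directive, path) tuples from robots.txt text."""
    rules, agents, in_rules = [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        field, value = (p.strip() for p in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                         # a new group starts here
                agents, in_rules = [], False
            agents.append(value)
        elif field in ("allow", "disallow"):
            in_rules = True
            if value:                            # empty Disallow reveals nothing
                for agent in agents or ["*"]:
                    rules.append((agent, field, value))
    return rules

def audit(text):
    """Flag rules whose path advertises a sensitive location."""
    findings = []
    for agent, directive, path in parse_robots(text):
        m = SENSITIVE.search(path)
        if m:
            findings.append({"agent": agent, "directive": directive,
                             "path": path, "match": m.group(1).lower()})
    return findings

# Constructed sample input for illustration only.
SAMPLE = """\
# example robots.txt
User-agent: *
Disallow: /images/
Allow: /wordpress/      # CMS install path
User-agent: examplebot
Disallow: /old-backup/
Disallow:
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['directive']:8} {f['path']:15} agent={f['agent']} ({f['match']})")
```

Any path this flags is readable by anyone who requests robots.txt, so it needs its own access control and non-default credentials rather than reliance on the file to hide it.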

This was supposed to be a very easy machine, so I tried the default admin/admin and logged in.

Written on April 26, 2017