Challenge 2: Initial Compromise

Procedure:

Next, we need to find our initial compromise vector. Servers hosting openly accessible services, like websites and unsecured databases, are great places to start.

  • Access the site hosted on the webserver you found in the previous step.
  • Hint: How do you access a website on a custom port number?
  • Explore the web pages available to you. What would be a good place to attempt some attacks?
  • Hint: Your first goal should be to test anything that handles user input.
  • Demonstrate you can run commands on the target system by running the whoami command.

Solution:

OPTION 1 (Manually)

Access the site hosted on the webserver at 172.31.40.22:1013

┌──(kali㉿kali)-[~]
└─$ firefox 172.31.40.22:1013

Accessing the Apache server.

The input allows us to perform a SQL injection attack.

Accessing the passwd file.

Successful SQL Injection Attack

OPTION 2 (Using Burp Suite Community Edition)

  • Intercepting the request in the Proxy Tab

  • Sending the request to the Repeater Tab and testing the ls command

  • Testing the whoami command

  • Testing the cat /etc/passwd command

Successful SQL Injection Attack
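
Detection side of the tests above, as an added example that is not part of the original write-up: a small scanner that flags web-server log lines whose request parameters carry the three commands tested in Option 2 (ls, whoami, cat /etc/passwd), including when they are URL-encoded more than once. It assumes Apache Combined Log Format and payloads in the GET query string; the sample log lines, the path and the parameter name "id" are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Indicators for the three commands the walkthrough tests (ls, whoami, cat /etc/passwd).
INDICATORS = {
    "whoami": re.compile(r"\bwhoami\b"),
    "passwd_read": re.compile(r"/etc/passwd\b"),
    # "ls" alone is too common a substring; require a shell separator before it.
    "ls_after_separator": re.compile(r"[;&|`]\s*ls\b"),
}
# Apache Combined Log Format prefix: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def fully_decode(value, max_rounds=3):
    """Undo nested URL-encoding (e.g. %253B) so indicators cannot hide behind it."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return (client, status, param, indicator names) tuples for one log line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    client, _method, target, status = m.groups()
    findings = []
    # parse_qsl decodes one layer; fully_decode peels any remaining layers.
    for param, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        text = fully_decode(value).lower()
        hits = sorted(n for n, rx in INDICATORS.items() if rx.search(text))
        if hits:
            findings.append((client, int(status), param, hits))
    return findings

def scan_log(lines):
    return [f for line in lines for f in scan_line(line)]

# Constructed sample lines; path and parameter name "id" are hypothetical.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?id=7 HTTP/1.1" 200 512 "-" "-"',
    '10.0.0.9 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?id=7%3B%20whoami HTTP/1.1" 200 530 "-" "-"',
    '10.0.0.9 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?id=7%253Bls HTTP/1.1" 200 900 "-" "-"',
    '10.0.0.9 - - [01/Jan/2024:10:03:00 +0000] "GET /index.php?id=7%3Bcat+/etc/passwd HTTP/1.1" 200 2048 "-" "-"',
    '10.0.0.7 - - [01/Jan/2024:10:04:00 +0000] "GET /tools.php?name=ls HTTP/1.1" 200 300 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Requests sent in a POST body, as an intercepted form submission may be, do not appear in the access log; catching those needs request-body logging or a WAF in front of the application.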