Write Up : backdoor HTB
By bocahganteng
Register our target IP into /etc/hosts so we can access backdoor.htb (optional)
1. Scanning Phase
➢ Nmap Scanning
➢ dirsearch
a. Result Scan
o Nmap scanning the server was open port for 22,80 and 1337, where port 22 use for ssh , port 80 use for http and 1337 still mysterious.
o Dirsearch result made decision web use wordpress CMS.
2. Exploit Phase
➢ Exploitation port 80
Scanning result which is use Wordpress CMS ,so im decide to use wpsscan to enumerate
We found admin username,and then we must search the password so we can login to CMS dashboard. Iam get wp-config.php using the plugins installed on CMS, but still cant to login for ssh and login page.
➢ Exploit port 1337
Port 1337 im cannt make sure for what it is,but, that port use for gdb server
https://sourceware.org/gdb/onlinedocs/gdb/Server.html ,after that we search vuln on that
service and found https://www.exploit-db.com/exploits/50539
Software exploitation ,im use Metasploit and set all config to this
Run the payload and we get user flag
At final phase im try to get into root access, commonly im use sudo -l to get some information but, ist doesn’t work, so im try to searching again, and got the ways
