577, Gold Plaza, Punjab Jewellers, M.G. Road, Opp. Treasure Island Mall

InfoSecWarrior CTF: 3 Walkthrough

Here is the new challenge of InfoSecWarrior CTF: 3 Walkthrough by Infosec Warrior CTF 2020. The box is designed by Vishal Biswas aka CyberKnight. The goal is to gain the highest privileges and collect only 2 flags (user flag and root flag). According to author box consist  WordPress developer configured the machine to work internally. But due to some miss-configuration WordPress is exposed to the outside world. Use your skills and get the root flag. So let us go.


Pentester Methodology

Network Scanning
  • Netdiscover
  • Nmap
  • Nikto
  • phpMyAdmin
  • John
  • SSH
Privilege Escalation
  • Sudo -l
  • gcc compilation

Network Scanning

We start with Netdiscover  to obtain IP address as followed

Got the machine Ip and let us scan the Nmap.


On visiting the web page there, we see a WordPress web site. But the WordPress website doesn’t work properly error here so we moved on our next step.

So I fired Nikto and found phpMyAdmin page.

so I logged in with credentials root: root. it was a success

InfoSecWarrior CTF: 3 Walkthrough

We successfully login with the root MySQL database then I select the wpdb database on open the wp-user table and we see two user entries Krishna and user1 as shown in the image file.

InfoSecWarrior CTF: 3 Walkthrough

I copy the users hash and save a text file and crack the hash using the john tool use the following command

And we see WordPress hashes is cracked successfully and I try to login ssh using the WordPress credentials and us successful login with ssh Krishna shell. Krishna: infosec

Got the Shell

Privilege Escalation

I ran the sudo -l command and I found Krishna has sudo permission to run a bash script as loopspell this script is compiler a #C language file using gcc using this command we privilege escalate this machine.

The sudo -l command and we see sudoers filer entry /usr/bin/gcc and code_compiler.sh. using sudo I again run the privilege escalation command and we have a root shell target machine

Eureka !!!! got root.

Related Posts

Leave a comment

WhatsApp us