
How to Carry Out the Freshly (Vulnhub, TopHatSec) CTF Penetration Test

2025-04-11 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

This article covers how to carry out the Freshly (Vulnhub, TopHatSec) CTF penetration test. The editor thinks it is quite practical and is sharing it with you; hopefully you will gain something from reading it. Without further ado, let's take a look.

Vulnhub-TopHatSec: Freshly

Target machine

https://www.vulnhub.com/entry/tophatsec-freshly,118/

Operating environment

VirtualBox

VM (running it prompts an error, and the resolution link it gives returns a 404)

Description

The goal of this challenge is to break into machines through the network and find secrets hidden in sensitive files. If you can find the secret, send me an email to verify it. :) There are several different ways. Good luck! Just download the OVA file and import it into VirtualBox!

Setup

First open the downloaded OVA with VirtualBox, then import it.

Service discovery

Port scanning

OS identification

Further scan of the main ports

Port 80

Port 8080

WordPress (port 443 shows the same)

Detection of known services

Explore WordPress

Three plugins were found to have security issues, but they were not helpful. While that scan ran, a scan of port 80 found phpmyadmin and login.php.

login.php

Test it with sqlmap

Injection is present

View the databases

Check the WordPress8080 database to find the WordPress username and password

Log in to the admin dashboard and change the language to Chinese

Get Shell

WordPress offers two ways to get a shell. One is to add a plugin: package the prepared shell as a correctly formatted .zip and upload it.

The other is direct editing.

I edited directly, writing the shell into the 404 page.

Start an nc listener locally

404 Page Not Found

Check passwd and find permission
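A defensive counterpart to the two admin-to-shell routes described under Get Shell, as an added example that is not part of the original article: a Python audit of wp-config.php for WordPress's DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants. The function names are this example's own and the sample configs are constructed.

```python
import re

# Matches define('NAME', value); single or double quotes around the name.
DEFINE_RE = re.compile(r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(.+?)\s*\)\s*;""", re.M)

def strip_comments(php):
    """Drop /* */ blocks and whole-line // or # comments so disabled defines are ignored."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.S)
    return re.sub(r"^[ \t]*(//|#).*$", "", php, flags=re.M)

def constants(php):
    """Return {NAME: lowercased raw value} for every active define()."""
    return {n: v.strip("'\"").lower() for n, v in DEFINE_RE.findall(strip_comments(php))}

def audit(php):
    """List which admin-to-code-execution routes the config leaves open."""
    c = constants(php)
    on = lambda name: c.get(name) in ("true", "1")
    mods_off = on("DISALLOW_FILE_MODS")              # blocks installs/updates and the editors
    edit_off = mods_off or on("DISALLOW_FILE_EDIT")  # blocks only the built-in editors
    findings = []
    if not edit_off:
        findings.append("file editor enabled: an admin session can rewrite theme PHP such as 404.php")
    if not mods_off:
        findings.append("plugin/theme upload enabled: an admin session can install an arbitrary .zip")
    return findings

# Constructed sample configs (not taken from the target VM).
DEFAULT = "<?php\ndefine( 'DB_NAME', 'wp' );\n// define('DISALLOW_FILE_EDIT', true);\n"
EDIT_ONLY = "<?php\n/* hardening */\ndefine('DISALLOW_FILE_EDIT', true); // editors off\n"
HARDENED = '<?php\ndefine( "DISALLOW_FILE_MODS", TRUE );\n'

if __name__ == "__main__":
    for label, cfg in (("default", DEFAULT), ("edit-only", EDIT_ONLY), ("hardened", HARDENED)):
        print(label, audit(cfg) or "no open route")
```

A clean result narrows what a stolen admin password can do; it does not address the SQL injection in login.php that exposed the password.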

The above is how to carry out the Freshly (Vulnhub, TopHatSec) CTF penetration test. The editor believes some of these points may be seen or used in daily work, and hopes you can learn more from this article.
