palliative

Oct 30, 2020

2 min read

Writeup-VULNHUB Colddbox

Vulnhub, is a great platform for anyone looking to do Penetration testing to familiarize themselves and challenge themselves to try harder.

As I was scrolling through the site, I came by Colddbox, a supposed easy boot to root box recommended for beginners and decided to try and solve it.

I started with an nmap scan in verbose mode while using some basic scripts to discover whether our target has any open ports. Luckily some were open as shown below:

I navigated to port 80 and discovered the site is running on wordpress.

Which led me to quickly run a wpscan to enumerate usernames and vulnerable plugins.I got several usernames that i bruteforced with the rockyou.txt dictionary using the same wpscan.

Great! Now there is a valid username & password to login into the site.

After successfully accessing the Wordpress dashboard, I tried to get a reverse shell by editing any page I could call using such as the themes with https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php .

I will definitely continue the article after getting a reverse shell, once :(

till next time, happy learning!