VulnHub is a great platform for anyone looking to do penetration testing to familiarize themselves and challenge themselves to try harder.
As I was scrolling through the site, I came across ColddBox, a supposedly easy boot-to-root box recommended for beginners, and decided to try to solve it.
I started with an Nmap scan in verbose mode, using some basic scripts, to discover whether our target had any open ports. Luckily, some were open, as shown below:
I navigated to port 80 and discovered the site is running on WordPress.
That led me to quickly run a WPScan scan to enumerate usernames and vulnerable plugins. I got several usernames, which I brute-forced with the rockyou.txt dictionary using the same WPScan.
Great! Now there is a valid username and password to log in to the site.
After successfully accessing the WordPress dashboard, I tried to get a reverse shell by editing any page I could call, such as the themes, with https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php .
I will definitely continue the article after getting a reverse shell, once :(
Till next time, happy learning!