Hacked

From Pessin randon wiki
Revision as of 10:49, 30 September 2022 by Exf (talk | contribs) (Created page with "===Description=== This web server was defaced by hackers. They made some modification on the system. ===Question=== Admin was able to see from the logs that a SQL database dump was made. Can you find it? Maybe this helps you forward with this incident analysis. ===Solution=== Since we were asked to search for SLQ database dump it makes sense to use gobuster here as well. The command <code>gobuster dir -u [url] -w /usr/share/wordlist/dirbuster/directory-list-2.3-medium....")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Description

This web server was defaced by hackers.

They made some modification on the system.

Question

Admin was able to see from the logs that a SQL database dump was made.

Can you find it? Maybe this helps you forward with this incident analysis.

Solution

Since we were asked to search for SLQ database dump it makes sense to use gobuster here as well. The command gobuster dir -u [url] -w /usr/share/wordlist/dirbuster/directory-list-2.3-medium.txt -x slq. We find that there is a database.sql file in the root file of the web page. We download this file to the machine using the wget command.

By looking inside this file we can see the database structure. We are interested in both the username, password and admin_panel_directory.

Using the browser, I navigate to the /zer0dium1 folder where we find the task flag.

Tools

  • gobuster
  • cat

Flag

ctftech{hacked}

Retrieved from "https://wiki.pessinurmi.com/index.php?title=Hacked&oldid=290"