Playing around with testlab v.10 – Part 1

Lets playing around with testlab v.10.

Target IP :

Network diagram - testlab v.10

Nmap :

Lets check HTTP header on port 80 :

I tried to open the IP address through web browser but its like taking forever to load the page. 🙁
Ok, lets examine the source of the page:

I found store.gds.lab domain inside the source, and that must be not accessible. I have to edit my hosts and point the domain to :

now lets open the http://store.gds.lab from web browser :

store.gds.lab homepage testlab v.10

Good, the page was opened normally.

This store using OpenCart, and here is the admin page :

Its time to check for some vunerabilities on OpenCart :

After checking and testing the vulnerabilities i got nothing but 403. 🙁
Lets skip and try to examine http://store.gds.lab:443 on web browser : testlab v.10


This page gave me more attention. lol..

I found this information from Contact page. Lets save it for later :

And i see an url with catchy format (read: sequeli lol) :

And here is the result from SQLmap :

Now, let john crack this password :

lets try to use this to login to the admin page :





Lets try to use this login info to login into SSH service :

great! but, its enough for today. 🙂
i have a plan for the next article. i will use this SSH service to tunnel inside the network and access the intranet (as you can see on the diagram). 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *