
Playing around with pentestit.ru testlab v.10 – Part 1

Let's play around with pentestit.ru testlab v.10.

Target IP : 192.168.101.9

Network diagram - pentestit.ru testlab v.10

Nmap:

Let's check the HTTP header on port 80:

I tried to open the IP address in a web browser, but it was taking forever to load the page. 🙁
OK, let's examine the source of the page:

I found the store.gds.lab domain inside the source, which must not be accessible. I have to edit my hosts file and point the domain to 192.168.101.9:

Now let's open http://store.gds.lab in a web browser:

store.gds.lab homepage pentestit.ru testlab v.10

Good, the page was opened normally.

This store is using OpenCart, and here is the admin page:

It's time to check for some vulnerabilities in OpenCart:

After checking and testing the vulnerabilities, I got nothing but 403. 🙁
Let's skip that and try to examine http://store.gds.lab:443 in a web browser:

pentestit.ru testlab v.10

This page got more of my attention. lol..

I found this information on the Contact page. Let's save it for later:

And I see a URL with a catchy format (read: sequeli lol):

And here is the result from sqlmap:

Now, let john crack this password:

Let's try to use this to log in to the admin page:

Let's try to use this login info to log in to the SSH service:

Great! But that's enough for today. 🙂
I have a plan for the next article: I will use this SSH service to tunnel inside the network and access the intranet (as you can see on the diagram). 🙂
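
Seen from the defender's side, the steps above (probes answered with 403, then sqlmap run against a URL parameter) leave traces in the web server's access log. The following is an added example, not part of the original post: it scans combined-format log lines for those traces. The sample lines, paths, IP addresses, threshold and function name are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines in combined log format (not taken from the lab).
SAMPLE_LOG = """\
198.51.100.23 - - [01/Jan/2017:10:00:01 +0000] "GET /admin/ HTTP/1.1" 403 162 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2017:10:00:02 +0000] "GET /admin/config.php HTTP/1.1" 403 162 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2017:10:00:03 +0000] "GET /system/logs/error.log HTTP/1.1" 403 162 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2017:10:05:10 +0000] "GET /item?id=1%20UNION%20SELECT%20NULL--%20- HTTP/1.1" 200 512 "-" "sqlmap/1.0 (http://sqlmap.org)"
198.51.100.40 - - [01/Jan/2017:10:06:00 +0000] "GET /item?id=7 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.40 - - [01/Jan/2017:10:06:05 +0000] "GET /admin/ HTTP/1.1" 403 162 "-" "Mozilla/5.0"
"""

# client, ident, user, [time], "method target proto", status, size, "referer", "agent"
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$'
)
# A few well-known SQL injection markers, matched after URL decoding.
SQLI_RE = re.compile(
    r"union\s+select|\bor\s+\d+\s*=\s*\d+|sleep\s*\(|information_schema", re.I
)


def suspicious_clients(log_text, forbidden_threshold=3):
    """Return {client_ip: sorted list of reasons} for clients worth a closer look."""
    forbidden = defaultdict(int)
    reasons = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines that are not in combined log format
        ip, _method, target, status, agent = match.groups()
        if status == "403":
            forbidden[ip] += 1
        # The User-Agent is client-controlled, so treat this as a weak signal.
        if "sqlmap" in agent.lower():
            reasons[ip].add("sqlmap-user-agent")
        query = target.partition("?")[2]
        if SQLI_RE.search(unquote_plus(query)):
            reasons[ip].add("sqli-pattern")
    for ip, count in forbidden.items():
        if count >= forbidden_threshold:
            reasons[ip].add("403-burst")
    return {ip: sorted(found) for ip, found in reasons.items()}


if __name__ == "__main__":
    for ip, found in suspicious_clients(SAMPLE_LOG).items():
        print(ip, ", ".join(found))
```
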
