SYMFONOS: 5.2 Walkthrough
Beginner real life based machine designed to teach people the importance of understanding from the interior.
Beginner real life based machine designed to teach people the importance of understanding from the interior.
Tested on VMware and Virtualbox
Enumeration
We have ssh,http,ldap.
let’s enumerate more on the LDAP
dc=symfonos,dc=local
Let’s enumerate http 80,
- Nikto
- Gobuster
Exploitation
- let’s try SQLi with wfuzz
Since there is no SQLi, i started researching about OpenLDAP Exploits.
Then, i got a hunch that the login could be using the LDAP for authentication. Hence, i could use LDAP injection.
Let’s use wfuzz to try LDAPi,
The redirection says that the payload bypasses — *))%00
we can login using the payload.
Let’s see the source code of the admin.php file with the php filter -> filter://
Let’s use these credentials to dump all the information.
ldapsearch -x -LLL -h 192.168.103.137 -D ‘cn=admin,dc=symfonos,dc=local’ -w qMDdyZh3cT6eeAWD -b ‘dc=symfonos,dc=local’
Let’s do ssh into the machine with the account of zeus,
zeus:cetkKf4wCuHC9FET