any hints?

Overview Forums Sticky Finger’s DV-Pi any hints?

Tagged: 

This topic contains 11 replies, has 3 voices, and was last updated by  0han 1 month, 4 weeks ago. This post has been viewed 393 times

  • Author
    Posts
  • #13093

    thedude
    Participant

    Would you mind relaxing the “no spoilers” policy? The numerous walkthroughs that exist for other intentionally vulnerable images are really valuable. I’m not sure where to even start with this attack, tbh. Is it a hidden service? Is it a web hack? The documentation doesn’t even mention what kinds of applications we should be targeting.

    If you could list, roughly, what we need to do in order to get started on this, it would be really appreciated.

    By the way… what does editing hosts to include the pi actually accomplish? Navigating to it by IP and by hostname just pulls up a link to your wordpress site.

  • #13516

    0han
    Participant

    Can’t agree anymore, I have no idea what to do and can’t even find a start point. I thought it’s part of the interesting things cuz you also have no idea about your target exclude the url in real world.

  • #13517

    Re4son
    Keymaster

    Which DV-Pi?

  • #13518

    0han
    Participant

    I was trying the easy one.

  • #13519

    Re4son
    Keymaster

    Any open ports?

  • #13520

    0han
    Participant

    only 80 and 22 opened, are we suppose to start the other services like sql at the first place?

  • #13521

    Re4son
    Keymaster

    What’s listening on 80? Just apache or a CMS?

  • #13522

    0han
    Participant

    I thought it’s apache I have to check the log later

  • #13523

    Re4son
    Keymaster

    How did you do your fingerprinting of port 80?

  • #13524

    0han
    Participant

    It’s Apache 2.4.10
    I use whatweb to detect it

  • #13525

    Re4son
    Keymaster

    I’d dig deeper. It’s very rare these days to find a vanilla Apache installation that has no CMS sitting on top.

  • #13526

    0han
    Participant

    Alright, thx for ur work

You must be logged in to reply to this topic.