Craft Walkthrough

Platform: Offsec | PG Practice
Difficulty: Intermediate
OS: Windows
Author: Pawan Kumar (Vulntricks)


Scanning

└─$ rustscan -a $IP -- -sV -sC -Pn -oN scan_tcp.txt

PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack ttl 125 Apache httpd 2.4.48 ((Win64) OpenSSL/1.1.1k PHP/8.0.7)
|_http-server-header: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.7
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-favicon: Unknown favicon MD5: 556F31ACD686989B1AFCF382C05846AA
|_http-title: Craft


Enumeration

Since only one port is open, we start our enumeration by browsing the webpage.

This looks like an entry point. We need to create a malicious document that we can upload.

Directory Enumeration

└─$ feroxbuster --url $URL --wordlist /usr/share/seclists/Discovery/Web-Content/quickhits.txt -k 

Used feroxbuster with the quickhits wordlist to look for quick hits and found upload.php.

It is pretty clear that XAMPP is being used to host this web server.


Tried uploading a random file and got an error!

So what's an ODT file?