Welcome to ColddBox Easy, it is a Wordpress machine with an easy level of difficulty, highly recommended for beginners in the field, good luck! Please share your feedback: “https://twitter.com/C0ldd__”
This is ColddBox: Easy from vulnhub. Last one before bedtime - this will be brief.
Ports
This box just has HTTP on port 80 and SSH on a non-standard port: 4512. We won’t be needing it anyway.
Website
The website is running Wordpress, and wpscan finds several users. I run a password attack:
I stop the scan at this point and login. c0ldd is the admin and we have an older version of Wordpress, so I upload a reverse shell as a plugin and get on the box.
Privesc
We’ve got find with the SUID bit set, so that’s our path to root.
The hash for Hugo cracked easily but he’s not a system user so I logged into Wordpress, but there was nothing interesting there. The other one didn’t want to crack, so that was a dead end anyway.
c0ldd didn’t reuse his Wordpress password for his Linux account, so I couldn’t su to him. I grabbed his hash from /etc/shadow and it’s running in Hashcat but hasn’t broken yet … I’m off to bed :)