Our coffee shop has been hacked!! can you fix the damage and find who did it?.
It doesn’t say how difficult it’s supposed to be, but I’ll say easy. Let’s go.
Ports
SSH and HTTP only.
HTTP
The premise here is that the website has been hacked. It’s Wordpress (a recent version), but the username and password is ‘hiding’ in plain sight, so yeah no wonder lol.
At http://coffeeaddicts.thm/wordpress/?p=9#comments we find this caption under a photo of some hobo looking dude:
gus i need you back
And underneath that is this:
Just to drive the point home. So; we login to Wordpress with gus:gusineedyouback and I get a shell by uploading a plugin.
Root
The system has been pwned by BadByte, who has created themselves an SSH key which we can read.
This is encrypted with a weak password so it’s ssh2john then crack it and login:
So, nothing groundbreaking here but I guess it’s all grist to the mill.
Oh obviously at some stage this was intended to be a THM room. It’s listed as private at the moment but you can still join if you know how :)