Vulnerable Components Installed 3

Step 1: Go to the lab URL (it may be different for each user): http://13.127.128.105/Vulnerable-Components-Installed/Variant-3/

Step 2: Click on the 'Go to the Page' button. It will take you to the target site.

Step 3: The target application is named Blogphp, so search for public exploits available under this name.

Step 4: Use this link to get the exploit and download it: https://www.exploit-db.com/exploits/5042

Step 5: To exploit the XSS, go to the target webpage that we opened.

Step 6: In the search field on this page, enter this payload and hit enter:

alert(2)

Here you will get the XSS pop-up.

Step 7: Now let’s proceed with the exploit which we downloaded earlier.

Step 8: Open the terminal or command prompt, run this command and hit enter:

perl 5042.txt -url http://13.127.128.105/Vulnerable-Components-Installed/Variant-3/blog/

Step 9: It will give username='admin' and password='e9bb181aad6f6c87500df367c9e25056'. Since the password is stored as a hash, you can use any online hash lookup service to recover the plain text.

Step 10: Go to https://crackstation.net/, paste the hash we got and click on ‘Crack Hash’.

Step 11: Copy the plain text password and use it to log in to the blog.

Step 12: Find the ‘Login’ link at the bottom-right of the blog page.

Step 13: Enter the credentials and hit enter.

Username: Admin

Password: R0y@lS3cur!ty79

perl 5042.py -url {url}

Crack the password hash
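Steps 9 to 11 succeed because the stored value is an unsalted, fast digest that a lookup service can reverse from a precomputed table. The following is an added example, not part of the original walkthrough or of Blogphp's code, that contrasts that storage with a per-user salted scrypt record. The 32-character hex value in Step 9 is the length MD5 produces, so MD5 is assumed for the weak variant; the function names, scrypt parameters and sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# scrypt cost parameters (assumed for this example; tune to your hardware).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def weak_hash(password: str) -> str:
    """Unsalted MD5 (assumed scheme): one password always maps to one digest."""
    return hashlib.md5(password.encode()).hexdigest()


def lookup_crack(digest: str, table: Dict[str, str]) -> Optional[str]:
    """What a lookup service does: precomputed digest -> plaintext map."""
    return table.get(digest)


def strong_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Random per-user salt plus memory-hard scrypt, stored as 'salt$key' (hex)."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.scrypt(password.encode(), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"{salt.hex()}${key.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, _ = record.split("$")
    candidate = strong_hash(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, record)


if __name__ == "__main__":
    sample = "Summer2024!"  # constructed sample password, not from the lab
    # A table is built once and reused against every leaked unsalted digest.
    table = {weak_hash(p): p for p in ("letmein", sample, "qwerty")}
    print("unsalted digest found in table:",
          lookup_crack(weak_hash(sample), table))

    rec_a, rec_b = strong_hash(sample), strong_hash(sample)
    print("same password, two users, records differ:", rec_a != rec_b)
    print("salted key found in table:",
          lookup_crack(rec_a.split("$")[1], table))
    print("login still verifies:", verify(sample, rec_a))
```

With salted scrypt records, a leaked database row no longer matches any precomputed table, and each guess costs the attacker a full memory-hard computation per user.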
