Ethical Hacking
  • Introduction to Information Security
    • What is Hacking?
    • Type of Hacking
    • Exercise
    • Uses of Proxy Servers
    • Summary Proxy & VPN
    • Summary
  • Gathering Information About Websites
    • Gathering Information
    • Gathering Targeted Information
  • Google Droks
  • Introduction to Web Architecture and Understanding Common Security Misconceptions
    • Web Servers
    • Web Server Architecture
    • Web Server Architecture Combinations
  • VA & PT
    • OWASP
    • SQL Injection
    • Advanced SQL Injections
    • Burp Suit
      • Client Side Validation Burp Suite Bypass
      • Client Side Validation Burp Suite Bypass
      • GET Based IDOR in URL
      • Post Based IDOR Variant
      • GET Based IDOR in URL
      • Post Based IDOR in URL
      • Download based
  • Arbitrary File Upload Vulnerabilities
    • Server Side Attack
    • Server Side Attack
    • Client Side Attack
  • Understanding Response Headers
    • Event Listeners
  • Fundamentals of Cross Site Scripting (XSS)
    • Temporary XSS
  • Understanding Forced Browsing and Session-Cookie Flaws
    • Forced Browsing
    • Cross Site Request Forgery
    • Open Redirection
  • Dictionary Based Brute Force Attacks
    • Dictionary Based Bruteforcing
    • Logical Bruteforcing
    • PII Leakage Variant
  • Identifying Security is configurations and Exploiting Outdated Web Applications
    • Information Disclosure via Descriptive Messages
    • Default Debug Pages
    • How to guess password for a standard login page
    • Default/Weak Password in Custom CMS
    • Fingerprinting Components with Known Vulnerabilities
    • Finding Exploits for Components with Known Vulnerabilities
    • Default/Weak Password in Public Software
    • Vulnerable Components Installed
    • Vulnerable Components Installed 2
    • Vulnerable Components Installed 3
  • Scanning for Bugs in WordPress and Drupal
    • What is CMS?
    • Variant 1
    • Vulnerable CMS
    • How to Scan Drupal CMS for Known Vulnerabilities?
    • Joomla CMS
  • Automating VAPT and Secure Code Development
    • information gathering
    • Nmap Scans
    • Automating VAPT:
  • POC
    • Recommendations for Documenting a Vulnerability
    • PoC
    • Types of Reports
    • Recommendations for OWASP Top 10 Vulnerabilities
    • Components of a VAPT Report
    • Vulnerability Information (for each vulnerability)
    • Bad Practices to Avoid While Writing a Report
Powered by GitBook
On this page
  1. Identifying Security is configurations and Exploiting Outdated Web Applications

Vulnerable Components Installed 3

PreviousVulnerable Components Installed 2NextScanning for Bugs in WordPress and Drupal

Last updated 1 year ago

Step 1: Go to the URL to access the lab (The URL may be different for each user). http://13.127.128.105/Vulnerable-Components-Installed/Variant-3/

Step 2: Click on the 'Go to the Page' button. It will take you to the target site.

Step 3: As the target name is Blogphp, search for the public exploits available for this name.

Step 4: Use this link to get the exploit: https://www.exploit-db.com/exploits/5042 Now download it.

Step 5: To exploit XSS, Go to the target webpage that we opened.

Step 6: In the search field on this page, enter this payload and hit enter:

alert(2)

Here you will get the XSS pop-up.

Step 7: Now let’s proceed with the exploit which we downloaded earlier.

Step 8: Open the terminal or command prompt, run this command and hit enter. perl 5042.txt -url http://13.127.128.105/Vulnerable-Components-Installed/Variant-3/blog/

Step 9: It will give username='admin' and password='e9bb181aad6f6c87500df367c9e25056' Since the password is in hashed form, you can use any online hash decryptor to extract plain text.

Step 10: Go to https://crackstation.net/ and paste the hash we get and click on ‘Crack Hash’.

Step 11: Copy the plain text password and use it to log in to the blog.

Step 12: Find the ‘Login’ link at the bottom-right of the blog page.

Step 13: Enter the credentials and hit enter.

Username: Admin

Password: R0y@lS3cur!ty79

perl 5042.py -url {url}

Crack the hash Password

LogoCrackStation - Online Password Hash Cracking - MD5, SHA1, Linux, Rainbow Tables, etc.