0wn!ng LazySysAdmin: 1
Hi, In this post I am going to write on how I owned LazySysAdmin: 1 machine which is hosted on Vulnhub. As usual, I start with an arp-scan and discover the target IP address. Next, starts the port-scan. I decided to first enumerate the webpage: Enumeration reveals that wordpress and phpmyadmin is running. It is clear that the name of the admin is "togie" which may come to use at a later time. Next, I searched through the website and there are files with directory listing, etc but I had hit a roadblock on web service. I decided I shall look over to smb ports 139 and 445. using smbclient and checked if null sessions are enabled and my guess is correct. There are some interesting files here. After further digging I have two information points: 1. in wp-config, we see dbusername and password is present. 2. File deets.txt has a clue: Now, with username " Admin " and password " TogieMYSQL12345^^ " I can logi...