Ctf5 Instructions

User Manual:

Open the PDF directly: View PDF .
Page Count: 54

Scroll down to view the document on your mobile browser.

About the Project
The username and password for the image can be found in this documentation. However, the point of the exercise is to discover the root username and password, so they are not provided up front. If you must have the credentials to access the virtual image please read the end of the documented compromise steps.
Getting Started
Step 1 – Build an MD5 Hash Database
- MD5 Rainbow Tables
- Creating an MD5 Rainbow Database in MySQL
Step 2 – Reconnaissance
- Scanning with NMAP
Step 3 – Vulnerability scan
- Vulnerability Scanning with Nessus
- Vulnerability Scanning with Nikto
Step 4 – Manual Discovery
- Manual Discovery
- Identifying Open Source Software
Step 5 – Exploiting Vulnerable Software
Step 6 – Leverage exploits to create a shell account
- Exploiting Drupal
Step 7 – Access the Root Account
- Discover the Root Password
Step 8 – Steal the Shadow File and Crack It
- Password Cracking
- Using John the Ripper
Lessons Learned
Other Unscripted Attack Vectors:

Navigation menu