Posts

[CTF] hackfest2016: Quaoar

CTF: Quaoar
Difficulty Rating: Easy (Beginner)

Hello guys! This is going to be one of the first proper write-ups that I have done in a long time. Leave any feedback down in the comments!

Today, we will be taking on Quaoar. It's one of a series of CTFs from hackfest2016. Let's begin!

The creator was nice and gives you the machine's IP address straight away:

Here are the results from running a simple nmap scan:

The landing page of the web server:

Judging by the services running, we could have many different attack vectors. The creator mentioned the use of tools such as dirbuster, wpscan and other web app tools to pwn the machine. I decided to continue on this path.

These are the results of a crawl with Uniscan:

We see that WordPress is running on this website, and I navigated to the login page and used the default admin login (admin/admin). Unsurprisingly, it worked. This is an easy machine. Most people