The following is a walkthrough of this vulnhub machine from 2004. I know… it’s crazy old stuff. If this machine still existed, it’d probably look like this:

But, for the purpose of experimenting with classic low-hanging web app vulnerabilities, it’s still a reliable source for beginners like me. So, the goal was to search for and exploit every vulnerability regarding the web page. My findings include:

Exposed directories

Design flaws in password reset

SQLi

XSS

CSRF

Parameter manipulation vulnerabilities

Poor hash algorithm

Poor password policy

Information disclosure

Flaws in access privileges for directories and functionalities

Some default credentials

Let’s start with this!

1- Doing reconnaissance and enumeration

First I boot the machine and run an Nmap scan to find where it is:

Here we can find our target on 192.168.1.5:

Nmap scan report for 192.168.1.5

Host is up (0.00021s latency).

MAC Address: 08:00:27:FF:EB:3E (Oracle VirtualBox virtual NIC)

Then I ran a couple more scans to find open ports and service versions exposed:

For now I know the target runs a Linux-based OS, Apache 1.3.28 (on ports 80 and 443 TCP) and a MySQL server on port 3306 TCP.

Then I go to the site to get a glance at it and what type of functionalities it has. I do this while using ZAP proxy to catch all the requests and feed it with the data it needs to run the scans properly:

After playing with the site a little I go and download the site in order to do some code analysis: