IMF

IMF

netdiscover -r 123.123.123.0/24

123.123.123.106 00:0c:29:a4:69:60      1      60  VMware, Inc.

nmap -T4 -A -v 123.123.123.106
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: IMF - Homepage
MAC Address: 00:0C:29:A4:69:60 (VMware)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.10 - 4.8, Linux 3.16 - 4.6, Linux 3.2 - 4.8, Linux 4.4
Uptime guess: 198.840 days (since Sat Mar 17 18:30:29 2018)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: All zeros



http://123.123.123.106/contact.php

 


         
       
       
       
       
       

echo "ZmxhZzJ7YVcxbVlXUnRhVzVwYzNSeVlYUnZjZz09fQ==" |base64 -d

root@KaliLNX:/opt/VMs/IMF# echo "ZmxhZzJ7YVcxbVlXUnRhVzVwYzNSeVlYUnZjZz09fQ==" |base64 -d
flag2{aW1mYWRtaW5pc3RyYXRvcg==}



Now we have:
flag1{YWxsdGhlZmlsZXM=}

echo "YWxsdGhlZmlsZXM=" |base64 -d
allthefiles


flag2{aW1mYWRtaW5pc3RyYXRvcg==}
echo "aW1mYWRtaW5pc3RyYXRvcg==" |base64 -d
imfadministrator

http://123.123.123.106/imfadministrator/

valid username is rmichaels.

 I update the name of the field pass to be pass[].

 flag3{Y29udGludWVUT2Ntcw==}
Welcome, rmichaels
IMF CMS