Rusty Walkthrough — PWNX

Astik Rawat
4 min readMar 23, 2022

Hi Everyone, It’s been a long time since I shared a walkthrough of a vulnerable machine. I have been a bit busy lately with work and learning but I am back for good. Let’s just jump right into it, I hope you learn something from it.

Rusty Pwned!!

Last month I was introduced to a new platform PWNX by a friend. I haven’t tried all the machines yet I love their competitive challenges and I will be coming back with more walkthroughs in the future. For now, I want to share my experience with Rusty. Let’s learn together.

First, we start with a network scan to see if there are any interesting ports available…

Nmap Scan for Rusty

Port 80 seems to be open and running Joomla with many entries in the robots.txt file.

Joomla Webserver

The first thing that comes to my mind after finding a known web server is to find what version it is running. Sometimes the developer doesn't update the webserver and it can hold some critical vulnerability. In case, the version is up to date, then we can move towards manual scanning methods.

We run Gobuster to find all subdirectories and files on the webserver.

Gobuster

There are a few 403 Responses, but we will only focus on 200 and 301. We found a file called README.txt which seems interesting and might hold something interesting.

README.txt File

We found that the version history for this web server is Joomla 3.4. Now we look at any findings for this Joomla version. I came across a blog by Hacktive Security.

--

--

Astik Rawat

Security Consultant | OSWE | OSCP | OSWP | CRT | BSCP | PNPT | eMAPT | PJPT | CPENT | eJPT | CEH Master | CPSA | Network+ | Multiple CVEs