Acid-Server Walkthrough

Hi Friends,

Today I am writing about Acid Server a vulnerable machine that is available at

We can download it from,125/#download

Acid Server – Target Machine ( Both machines should be in NAT)

Kali Linux – Attacker Machine


First I started with Network discovery or discovery of target machine IP address, I done with netdiscover

Netdiscover -r

After netdiscover

Target IP –

Attacker IP –

Information Gathering:

I will first see what are the open ports and what services are running on the target machine

Namp -sS -A -p-

By using nmap found that port 33447 is open and running Apache httpd service

I tried to access the web page on port 33447

I run nikto for gathering more information but I didn’t find much

So whats next, I found page title as /Challenge and accessed that one and landed on login page.

I tried using sql injection methods to bypass login screen it won’t worked, gone with dirbuster tool on

I found cake.php as interesting and browsed the

It is showing message as “Long Way to go”

But /Magic_Box found intresting and tried to open it shown as Forbidden

I once again run dirbuster on URL and found some interesting files like command.php

It is showing message as “Enter IP address to Ping” I entered as and seen in view source of web page it pinged.

Now I tried to execute some commands to prove it as command injection

And result is shown in source as

I confirmed it as an command injection and we are having many ways to exploit command injection but want to use COMMIX tool, as i never used it before

i captured request using burpsuite and save in a file called os.txt

started commix using file as input

i want to take reverse shell by using commix and followed steps according to commix tutorials

started metasploit handler and got meterpreter reverse shell

Now accessed shell and found file called investigate.php, when i opened investigate.php found an message

So i started investigating any important files and found hint.pcapng file, downloaded using meterpreter

I opened that pcapng file in wireshark and gone to TCP stream

Right click on TCP and click on “Follow TCP Stream” and i got an message from TCP packet

I found this message interesting and found an username as saman and want to try password as “1337hax0r”

import python shell and tried to login as su with same password and i got below message

Now next thing is to find flag.txt

🙂 i hope you like this….

Share Button

Leave a Reply

Your email address will not be published. Required fields are marked *

2 × three =