Today we are going to solve the latest CTF challenge presented by VulnHub for penetration practice, designed by Mr. Hadi Mene. This lab is intended for beginners and the difficulty level is easy. You can download it from this link:
www.vulnhub.com
Penetration Methodologies
- Network scanning
- Directory brute-force attack
- Abusing HTTP web directories
- Compromise confidential
- Spawn tty shell (ssh login)
- SUID privilege escalation
- Get root access and capture the flag
Let's Begin!!
You will get the target VM's IP address at boot-up, so let's start with nmap port enumeration by executing the following command in our terminal.
Code:
nmap -A 192.168.1.104

Since port 80 was open, I explored the target IP in the web browser and was welcomed by the following web page, as shown below.

Unfortunately, I didn't find any remarkable hint on its home page, so I decided to launch a directory brute-force attack with "dirb" and ran the following command.
Code:
dirb http://192.168.1.104
The minute you execute the above command you will find many web directories. Here /admin looks more interesting, let's figure it out.

So when I explored the following URL, it put up a notes.txt file which might be holding something important.
Code:
http://192.168.1.104/admin

So I looked into notes.txt and noticed "12345ted123", which is a password.

Since port 22 was open, I can try an ssh login. As we already have the password 12345ted123 but don't know the username, I decided to use the hit-and-try method and used the following credentials for the ssh login.
Code:
Username: ted (predicted from password)
Password: 12345ted123
Wonderful!! We logged in successfully; now move on to post-exploitation and try to get root access. By using the following command, you can enumerate all binaries having SUID permission.
Code:
find / -perm -u=s -type f 2>/dev/null
It dumped all system binaries which have SUID permissions, but /usr/bin/mawk and /usr/bin/python2.7 are my target point for escalating root privilege through them. So I exploited this VM twice to get root access.
Run the following command and get the root access directly.
Code:
mawk 'BEGIN {system("/bin/sh")}'
id
cd /root
ls
cat flag.txt
This was the 1st technique for escalating to root privilege, through an awk one-liner.

Similarly, you can perform the same task by using a python one-liner and spawn the root shell.
Code:
python2.7 -c 'import pty;pty.spawn("/bin/sh")'
whoami
cat /root/flag.txt
B000MM!!! We have captured the flag and the challenge is completed.

Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, Social Media Lover and Gadgets.
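
The defender's side of the SUID enumeration step above, as an added example that is not part of the original post: the same find predicate, filtered down to setuid-root interpreters like the mawk and python2.7 binaries this VM shipped with. The function names, the list of risky program names and the sample input are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not from the original post: flag setuid-root interpreters
# such as the mawk and python2.7 binaries found in this walkthrough.

# Return 0 if the path's basename is a program that can run arbitrary
# commands. The name list is an assumption; extend it for your systems.
is_risky() {
    case ${1##*/} in
        awk|mawk|gawk|nawk) return 0 ;;
        python|python[0-9]*|perl|perl[0-9]*|ruby|ruby[0-9]*) return 0 ;;
        php|php[0-9]*|lua|lua[0-9]*|node|nodejs|tclsh|expect) return 0 ;;
        sh|bash|dash|zsh|ksh|env|find|vi|vim|nano|less|more) return 0 ;;
    esac
    return 1
}

# Read paths on stdin (one per line) and print only the risky ones.
flag_risky_suid() {
    while IFS= read -r path; do
        if [ -n "$path" ] && is_risky "$path"; then
            printf '%s\n' "$path"
        fi
    done
}

# Same predicate as the find command in the post, limited to root-owned
# files on one filesystem, then filtered and printed with the remediation.
audit_suid() {
    find "${1:-/}" -xdev -type f -user root -perm -u=s 2>/dev/null |
        flag_risky_suid |
        while IFS= read -r f; do
            printf 'setuid interpreter: %s (remove with: chmod u-s %s)\n' "$f" "$f"
        done
}

# Constructed sample of find output, so the filter can be shown offline.
SAMPLE='/bin/su
/usr/bin/passwd
/usr/bin/mawk
/usr/bin/python2.7
/usr/bin/sudo'
printf '%s\n' "$SAMPLE" | flag_risky_suid
```

On a real host, run `audit_suid /` as root so that find can read every directory; an empty result means no listed interpreter carries the setuid bit.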