Chanakya Vulnhub Walkthrough

-

It was the box where you have to have knowledge about using Nmap , dirb or nitko or gobuster ,ftp, ssh and metasploit .In this box we analyze the ftp connection using wireshark and got credentials and after that we gain access shell using ssh and exploit root permission using metasploit.


Breaching Process 

Finding IP

  • Nmap

Enumeration

  • Nmap Deep scan
  • Browsing HTTP service
  • Enumerating directory
  • ftp login

Exploitation

  • Generating ssh authorize key
  • Gaining access to shell (ashoka)
  • Reading chrootkit logs (using metasploit)

Privilege Escalation

  • chkrootkit


Let's Breach 

Using nmap we scan the network ip in our network

nmap -sn  ip_range (use root permission to scan )




After sanning there are only five ip that was not hard for me to find we are using NAT in virtualbox

after finding the ip we go for Enumeration (this is the phase where you have to see every single piece of information)


Browsing the ip we get and we also do a NMAP scan

The page look like this







After the result of nmap we found there are 21,80 port open where i paid attention to ftp mostly 




There was no anonymous login  and other credentials




 and we go for dirb to scan directory 

we only scan for .txt file. we found abuse.txt 




And the file was encoded in rot13 it was new for me 


I copy it and then deoce it from online 


Then we found that it was a directory file and it was in pcapng file which can be analyze using wireshark 





we found a ftp credentials form ashoka.pcapng

the Username was ashoka



and the password was kautilya




without any delay we login into ftp server 



then the ftp connection was in ashoke home directory 



After dir then 
the list of file we got where .ssh was also there or you can create a ssh folder using mkdir .ssh

after that we generate the ssh key and the password is blank for ssh  (we generate in my box)





And then the authorize key




again we login into ftp and upload the authorize key in .ssh folder to gain ssh shell 




The upload was succesful 

Now,it's time to gain ssh shell 

so i ssh in to the victim box 
 using ashoka user





Boom we got the ssh connection




Now, we exploit the box using  python tty shell
using metasploit





paste the shell code of python in ashoka ssh shell and hit enter 


As, we hit enter then the metasploit shell will open  as sessions


we can check it as 



as i got the shell i check for chrookit

see i use the port 4444 for everthing but i didn't get the sudo permission in that port 

Then again repeat the method of generating the sehll code of python with port 1234






after trying three times i got exploit using chrootkit




Finally i got the root shell 


HAPPY HACKING :)






Comments

Post a Comment

Popular posts from this blog

Wordpress Reverse Shell

-
Image
Wordpress Reverse Shell This post is related to WordPress security testing to identify what will be possible procedure to exploit WordPress by compromising admin console. We have already setup WordPress in our windows 7 machine. Table of Content 1) Metasploit Framework 3) Upload PHP reverse shell 4) Getting reverse shell connection Requirement: Host machine: WordPress Attacker machine: Kali Linux WordPress Credential: admin: password Let's begin 1) 1st Method  The site which we are going to test is: i login into the wordpress admin Now i check upload the reverse shell (PHP) using metasploit BOOOOOOM : I got the interactive shell of windows 7 machine Let's breach in another way 2) 2nd Method I have already done login into wordpress using admin and password So, Create a PHP code file using msfvenom Now Go to the Apprereance -> Theme editor -> 404.php templetes past a php code ...
Read more

SAR1 VULHUB WALKTHROUGH

-
Image
SAR1 (Walkthrough) This Box Is From Vulhub You Can Download It From  Link .This Box is like OSCP box which i beleive is .I pwned this box using LFI leads to RCE. Breaching Process  Finding IP Netdiscover Enumeration Browsing HTTP  service Nmap scan Enumerating directory using nikto and dirb Found robots.txt and other useful directory Enumerating sar2HTML Exploitation using searchsploit for sar2HTML found RCE Injecting php code using (wget) Got reverse shell using NC Privilege Escalation Found crontab execute shell in 5 min. Add the sudoers permission for www-data. Got root permission  Let's Breach   Using netdiscover  i found the box ip address.The ip address was 192.168.248.136 Then i scan the IP using nmap The command is nmap -sSVC -A 192.168.248.136 | tee nmap.txt Here the scan shows only 80 port which was default page of apache There was no thing to see so,i need to dig d...
Read more

EVM: 1 Vulnhub Walkthrough

-
Image
Penetration Methodologies: Finding IP Nmap Enumeration Browsing HTTP Service Directory Bruteforce using dirb Enumeration Using WPScan Password Bruteforce using WPScan Getting Login Credentials Exploitation Exploiting using Metasploit  Getting a reverse connection  Spawning a TTY Shell  Enumeration for Root Credentials Privilege Escalation  Getting Login Credentials Logging in as root Reading the Final Flag Let's Breach:     First of all finding IP for the machine i use bridge connection.The IP of machine was 192.168.1.5 I quickly nmap the website found 80 open Then i browse the server and found that apache default page and phpinfo() Nothing interesting then i bruteforce the directory you can use gobuster and nikto also While scan is complete i found a wordpress directory that leads me to an another website Then i quickly browse the http://192.168.1.5/wordpress then i found the page d...
Read more