EVM: 1 Vulnhub Walkthrough

-

Penetration Methodologies:

  • Finding IP
    • Nmap
  • Enumeration
    • Browsing HTTP Service
    • Directory Bruteforce using dirb
    • Enumeration Using WPScan
    • Password Bruteforce using WPScan
    • Getting Login Credentials
  • Exploitation
    • Exploiting using Metasploit 
    • Getting a reverse connection 
    • Spawning a TTY Shell
    •  Enumeration for Root Credentials
  • Privilege Escalation 
    • Getting Login Credentials
    • Logging in as root
    • Reading the Final Flag

Let's Breach:
    First of all finding IP for the machine i use bridge connection.The IP of machine was 192.168.1.5



I quickly nmap the website found 80 open

Then i browse the server and found that apache default page and phpinfo()


Nothing interesting then i bruteforce the directory you can use gobuster and nikto also
While scan is complete i found a wordpress directory that leads me to an another website

Then i quickly browse the http://192.168.1.5/wordpress then i found the page didn't load and i scan the vulnerable plugin themes and usename





So , i got the username



Then i brutforce the password of username using wpscan


Now let's fireup the msfconsole to test the upload shell (To get reverse shell connection)



Then i edit the username password rhost and targeturi and then hit exploit (run)


Boom , i got the shell and the shell was www-data

Let's do a privilege escalation 


There was a directory call root3r where ther was root credentials


Then i use that credentials to gain root shell



Voila, i got into root

Happy Hacking :)















Comments

Post a Comment

Popular posts from this blog

Wordpress Reverse Shell

-
Image
Wordpress Reverse Shell This post is related to WordPress security testing to identify what will be possible procedure to exploit WordPress by compromising admin console. We have already setup WordPress in our windows 7 machine. Table of Content 1) Metasploit Framework 3) Upload PHP reverse shell 4) Getting reverse shell connection Requirement: Host machine: WordPress Attacker machine: Kali Linux WordPress Credential: admin: password Let's begin 1) 1st Method  The site which we are going to test is: i login into the wordpress admin Now i check upload the reverse shell (PHP) using metasploit BOOOOOOM : I got the interactive shell of windows 7 machine Let's breach in another way 2) 2nd Method I have already done login into wordpress using admin and password So, Create a PHP code file using msfvenom Now Go to the Apprereance -> Theme editor -> 404.php templetes past a php code ...
Read more

SAR1 VULHUB WALKTHROUGH

-
Image
SAR1 (Walkthrough) This Box Is From Vulhub You Can Download It From  Link .This Box is like OSCP box which i beleive is .I pwned this box using LFI leads to RCE. Breaching Process  Finding IP Netdiscover Enumeration Browsing HTTP  service Nmap scan Enumerating directory using nikto and dirb Found robots.txt and other useful directory Enumerating sar2HTML Exploitation using searchsploit for sar2HTML found RCE Injecting php code using (wget) Got reverse shell using NC Privilege Escalation Found crontab execute shell in 5 min. Add the sudoers permission for www-data. Got root permission  Let's Breach   Using netdiscover  i found the box ip address.The ip address was 192.168.248.136 Then i scan the IP using nmap The command is nmap -sSVC -A 192.168.248.136 | tee nmap.txt Here the scan shows only 80 port which was default page of apache There was no thing to see so,i need to dig d...
Read more