Basic Pentesting 1 Writeup | Vulnhub
Hello, my name is Van, and this is my writeup for Basic Pentesting 1, created by Josiah Pierce. This VM is recommended for beginners (like me) who want to try their hand at basic pen-testing.
The main objective of this pentest is to gain root access on the Ubuntu terminal.
First things first, we will need to do some active recon.
I tried looking around in the login screen of the target terminal and noticed that you can do a guest login without a password.
I logged in as a guest, went to the terminal and ran the ifconfig command to find the IP address of the target, then logged out.
After finding the target’s IP, I wrote it down and started scanning it with Nmap from my Kali terminal.
Take note of these open ports for later use.
- 21/tcp open ftp ProFTPD 1.3.3c
- 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0)
- 80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
I tried googling for ProFTPD 1.3.3c vulnerabilities and stumbled upon this.
Apparently, you can use Metasploit for making a backdoor for ProFTPD 1.3.3c.
I opened my terminal and started Metasploit via msfconsole.
Set rhosts to the target IP and lhost to your Kali terminal. Also set payload to 4.
And you are in.
Is it finished? Nope.
We still have a lot of optional objectives to do.
- Have access to marlinspike’s account.
- Change the HTTP website hosted on the Ubuntu terminal.
- Add a new user.
For objective 1, there are two ways to do this. The first is to change marlinspike’s password to a different one using passwd via the backdoor made by the ProFTPD 1.3.3c vulnerability.
The second one is to brute-force. I actually stumbled upon marlinspike’s password by simply using the username as the password.
Objective 2 is changing the website hosted by the terminal. You can use the backdoor access made by the ProFTPD vulnerability again.
/var/www/html contains the files that are hosted on the Ubuntu terminal.
index.html is the file that was hosted by the Ubuntu terminal. To change the content of the file, you can simply use an echo command. In this case, we will be using my placeholder HTML file.
This command pretty much overwrites the file content using the echo command.
Upon checking it via a web browser, this is the output.
In objective 3, we will be adding a new user. Once again, we will be using the ProFTPD root backdoor. In this situation, we will use the adduser command.
Upon checking the login screen, my newly created account is there.
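From the defender's side, the three optional objectives above each leave a trace: a password change, a modified file under /var/www/html, and a new account. The following Python script is an added example, not part of the original writeup; the log lines, host name, the user newuser and the file contents are constructed, and the line formats are assumed to match what Ubuntu writes to /var/log/auth.log.

```python
import hashlib
import re

# Constructed auth.log sample; host name, PIDs, times and "newuser" are made up.
SAMPLE_AUTH_LOG = """\
Jan 10 10:01:12 target sshd[1201]: Accepted password for marlinspike from 192.0.2.10 port 40022 ssh2
Jan 10 10:05:40 target passwd[1302]: pam_unix(passwd:chauthtok): password changed for marlinspike
Jan 10 10:09:03 target groupadd[1410]: new group: name=newuser, GID=1001
Jan 10 10:09:03 target useradd[1414]: new user: name=newuser, UID=1001, GID=1001, home=/home/newuser, shell=/bin/bash
Jan 10 10:09:15 target passwd[1421]: pam_unix(passwd:chauthtok): password changed for newuser
"""

# Account-change events worth alerting on (assumed Ubuntu auth.log wording).
PATTERNS = {
    "user_added": re.compile(r"useradd\[\d+\]: new user: name=(?P<user>[^,\s]+)"),
    "password_changed": re.compile(
        r"passwd\[\d+\]: pam_unix\(passwd:chauthtok\): password changed for (?P<user>\S+)"),
}


def scan_auth_log(text):
    """Return (event, user, timestamp) tuples for account changes in auth.log text."""
    findings = []
    for line in text.splitlines():
        for event, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                # The first 15 characters are the syslog timestamp.
                findings.append((event, match.group("user"), line[:15]))
    return findings


def changed_files(baseline, current):
    """baseline: {path: sha256 hex}; current: {path: bytes}. Return changed paths."""
    changed = []
    for path, data in current.items():
        if baseline.get(path) != hashlib.sha256(data).hexdigest():
            changed.append(path)  # new file or content differs from baseline
    return sorted(changed)


if __name__ == "__main__":
    original = b"<html><body><h1>It works!</h1></body></html>\n"  # constructed
    baseline = {"/var/www/html/index.html": hashlib.sha256(original).hexdigest()}
    now = {"/var/www/html/index.html": b"<h1>placeholder</h1>\n"}  # constructed
    for finding in scan_auth_log(SAMPLE_AUTH_LOG):
        print(finding)
    print("modified:", changed_files(baseline, now))
```

On a real host the baseline hashes have to be recorded before any compromise and stored off the machine, since a root shell can rewrite both the web root and the local logs.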
At this point, we pretty much did the main objective and some optional objectives on the side. Let me know if you have any questions about my approach.
PERSONAL NOTES:
- As my mentors from TrendMicro once said, Google is Your Friend (GIYF).
- Also, please check TCM Security’s Practical Ethical Hacking (PEH) Course. I use the guide for any particular techniques and tools in Pentesting.