Home Unlabelled Hack The Toppo:1 VM (CTF Challenge)

Hack The Toppo:1 VM (CTF Challenge)

By
Saturday, July 14, 2018
Read
Add Comment

Hello friends!! Today we are going to solve latest CTF challenge presented by vulnhub for penetration practice and design by Mr. Hadi Mene. This lab is proposal for beginners and mode of difficulty level is easy. You can download it from this Link: https://ift.tt/2mnayLr

Penetration Methodologies

  • Network scaning
  • Directory brute-force attack
  • Abusing HTTP web directories
  • Compromise confidential
  • Spawn tty shell (ssh login)
  • SUID privilege escalation
  • Get root access and capture the flag

Let’s Begin!!

You will get target VM machine IP at the time of boot-up so let’s start with nmap port enumeration and execute following command in our terminal.


nmap -A 192.168.1.104

Since port 80 was opened; so I explored target IP in the web browser and welcomed by following web page as shown below.

Unfortunately, I didn’t compute any remarkable hint from its web home page, therefore, I decided to launch directory brute-force attack through ‘dirb’ and run following command.


dirb http://192.168.1.104

The minute you will execute above command you will found so many web directories. Here /admin looks more interesting, lets figure out it.

So when I explored the following URL, it put-up a notes.txt file which might be holding something important.

https://ift.tt/2uzExTJ

So I looked into notes.txt and notice towards “12345ted123” which is a password.

Since port 22 was open so I can try ssh login and as we already have the password 12345ted123 but don’t know the username therefore, I decided to use hit-try method and use following credential for ssh login.


Username: ted (predict from password)
Password: 12345ted123

Wonderful!! We got login successfully, now move for post exploitation and try to get root access. Then by using the following command you can enumerate all binaries having SUID permission.


find / -perm -u=s -type f 2>/dev/null

And it dumped all system binaries which have SUID permissions but /usr/bin.mawk and /usr/bin/python2.7 are at my target point for escalating root privilege through them. So I had exploit this VM twice to root access.

Run following command and get the root access directly.


sudo awk 'BEGIN {system("/bin/bash")}'
id
cd /root
ls
cat flag.txt

This was 1st technique for escalating root privilege through awk one-liner.

Similarly you can perform same task by using python one-liner and can spawn root shell.


python2.7 -c 'import pty;pty.spawn("/bin/sh")'
whoami
cat /root/flag.txt

B000MM!!! We have captured the flag and challenges is completed.

Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here

The post Hack The Toppo:1 VM (CTF Challenge) appeared first on Hacking Articles.



from Hacking Articles https://ift.tt/2mir7bj
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us